[Info-vax] OpenVMS x64 Atom project
Arne Vajhøj
arne at vajhoej.dk
Mon Jun 7 15:12:21 EDT 2021
On 6/7/2021 2:11 PM, Dave Froble wrote:
> On 6/7/2021 1:45 PM, Bill Gunshannon wrote:
>> On 6/6/21 11:42 AM, Arne Vajhøj wrote:
>>> It has now become public that the pipeline got hit because:
>>> - a user had the same password at another site as for VPN to them
>>> - that other site got compromised and the password database got stolen
>>> and cracked
>>> - MFA not used
>>>
>>> Rather trivial, but a lot of breaches are considered trivial - after
>>> the fact.
>>
>> As I have said before, the only breach we had when I was the
>> administrator of the CS Department was one user account and
>> that was because he used his department password for a WordPress
>> account on the Web somewhere and we all know how good their
>> security is.
>>
>> Humans are the biggest threat to IT Systems and, so far, no one
>> has figured out how to patch them to fix the problem.
>
> First, do away with passwords. Don't some phones now need a fingerprint
> to access? Guess that data could be copied, and used. Remote access is
> always an issue, and it just ain't going away.

Fingerprint check and password check are not the same type of check.

If you sit at your PC and log in to a server 1000 miles away, then
a fingerprint may make sense for the PC to verify that you are
who you are because the PC trusts itself, but a fingerprint is
just a long and fuzzy password for the server because
it does not trust the PC.

I believe the current fashion in server-side authentication is
login with username + password + some MFA like using your phone
(text message with code, app notification with code, app approval
etc.).

Arne