2017-09-30 21:00 GMT+02:00 Daniel Kinzler <daniel.kinz...@wikimedia.de>:
> Biometry in general may be acceptable, but fingerprints should be > considered > weak protection, because you share that key with your environment all day, > every > day. Getting someone's fingerprint is *really* easy. If your phone gets > stolen, > chances are, the fingerprint needed to unlock it is right on there already. > I agree and even worse: if your password gets stolen you can change it but you cant change your fingerprint. Fingerprints are Usernames, not Passwords!¹ In additional to using good passwords² I would advise to change the ssh-keys once in a while and thereby upgrade to modern key-options. At the moment ed25519 – if already supported by the sites you use – and using PBKDF as key-derivation-function! See [3] for a howto. [1]: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html [2]: https://xkcd.com/936/ [3]: https://blog.g3rt.nl/upgrade-your-ssh-keys.html Regards, M -- Michael F. Schönitzer Wikimedia Deutschland e.V. | Tempelhofer Ufer 23-24 | 10963 Berlin Tel. (030) 219 158 26-0 http://wikimedia.de Stellen Sie sich eine Welt vor, in der jeder Mensch an der Menge allen Wissens frei teilhaben kann. Helfen Sie uns dabei! http://spenden.wikimedia.de/ Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e.V. Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für Körperschaften I Berlin, Steuernummer 27/681/51985.
_______________________________________________ Cloud mailing list Cloud@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/cloud
