On Sat, 24 Dec 2016 11:20 am, Paul Rubin wrote:

> What is it that you are trying to secure? If it's something important,
> set up 2-factor authentication (such as TOTP) and encourage your users
> to use it.

You say that as if two-factor auth was a panacea. That's the sort of thinking that leads to:

https://www.schneier.com/blog/archives/2009/09/hacking_two-fac.html

https://www.schneier.com/blog/archives/2005/10/scandinavian_at_1.html

http://resources.infosecinstitute.com/two-factor-authentication/

http://www.securityweek.com/two-factor-authentication-bypassed-simple-attacks

not to mention the abomination of "one factor authentication, twice", like that used by the Australian government unified web portal. To log in, you have to provide something you know (username and password), plus something else you know (answer to a low-security question like "what was your mother's maiden name?").

--
Steve
“Cheer up,” they said, “things could be worse.” So I cheered up, and sure enough, things got worse.