nanog mailing list archives
Re: South Africa On Lockdown - Coronavirus - Update!
From: Eric Tykwinski <eric-list () truenet com>
Date: Mon, 23 Mar 2020 18:19:14 -0400
I guess I wasn’t as detailed as should be, multi factor authentication should hopefully have 1 standard which will work for everything. So we have an app on our phone to authenticate after a username/password which give a 6 digit key, or we use a hardware based key to sign a OTP. Really either doesn’t matter, but trying to get endu sers to switch between each for every login is going to hamper acceptance in the large scale. MailOps, would probably the best example, as the spam is generated simply from usually not having anything because it’s just too difficult to implement. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
On Mar 23, 2020, at 6:02 PM, Tom Beecher <beecher () beecher cc> wrote: I see no possible future outcome in which "one simple authentication mechanism" could ever be remotely close to reasonably secure. On Mon, Mar 23, 2020 at 5:57 PM Eric Tykwinski <eric-list () truenet com <mailto:eric-list () truenet com>> wrote: I think that’s the major sticky point, I would hope we could all agree on one thing, but that also leaves one entry point of failure. Hopefully we can all agree that FIDO2, OAUTH2, et al, with be a winner in the long run so everything can just use one simple authentication mechanism. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300On Mar 23, 2020, at 5:23 PM, Mark Tinka <mark.tinka () seacom mu <mailto:mark.tinka () seacom mu>> wrote: On 23/Mar/20 22:39, Keith Medcalf wrote:Hardware tokens are nothing more than dedicated hardware TOTP devices with perhaps a few additional parameters programmed at manufacturing time. Example, RSAID keyfobs are nothing more than TOTP generators with manufacturer programmed secrets and dedicated clock and display hardware with no external interface which permits access to the secret.For some of my banks, OTP tokens are issued via their device apps. I used to have physical key fobs for that; those are now gone. Admittedly, not all of my banks have made the transition. On the other hand, many of the banks have moved on to support Face ID and QR code verification via device apps. Not specific to VPN access management, but in the same vein. Mark.
Current thread:
- Re: South Africa On Lockdown - Coronavirus - Update!, (continued)
- Re: South Africa On Lockdown - Coronavirus - Update! Christopher Morrow (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Michael Loftis (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Joshua D'Alton (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Mark Tinka (Mar 24)
- RE: South Africa On Lockdown - Coronavirus - Update! Keith Medcalf (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Mark Tinka (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Eric Tykwinski (Mar 23)
- RE: South Africa On Lockdown - Coronavirus - Update! Keith Medcalf (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Michael Thomas (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Tom Beecher (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Eric Tykwinski (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Christopher Morrow (Mar 23)
- Re: South Africa On Lockdown - Coronavirus - Update! Mark Tinka (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Alexandre Petrescu (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Christopher Morrow (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Paul WALL (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Mark Tinka (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Mark Tinka (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Alexandre Petrescu (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Tom Beecher (Mar 24)
- Re: South Africa On Lockdown - Coronavirus - Update! Randy Bush (Mar 24)