On Sat, May 14, 2022 at 12:42:28PM +0100, Brian wrote:
> On Sat 14 May 2022 at 07:23:47 +0200, tomas@tuxteam.de wrote:
>
> > On Sat, May 14, 2022 at 02:40:53PM +1200, Ash Joubert wrote:
> > > On 13/05/2022 12:23, Nicholas Geovanis wrote:
> > > > That's the value added in exchange for Ash's "massive pain in the arse".
> > > > Just making the 1st factor be
> > > > a loong password is not equivalent to 2FA in any way. Machine reaching back
> > > > to you is the difference.
> > >
> > > There are attacks that 2FA can defeat, especially things like password reset
> > > via compromised email server, but in general, two weak factors are not a
> > > match for a strong unique random password [...]
> >
> > [strong, unique, random]
> >
> > That's it. The unique part can't be stressed enough: if you have
> > umpteen services out there, it's a matter of time until one of
> > those passwords leak (incompetent service provider, phishing,
> > etc.). It better be different from your other passwords.
> >
> > To minimise stress, I let a tool generate my passwords (pwgen).
> > Important ones are 16 char (disk & backup encryption, bank account
> > key armor, etc.), less important ones (e.g. local login) just 8.
>
> Let me introduce you to my bank: they reduced the maximum 20 chars
> to 16 and did not allow some special chars such as "!" and ".".
> Mind you, I feel much more secure - 3FA is used :).
Three? Why not go all the way to 5FA [1]?
Cheers
[1] https://boingboing.net/2005/09/14/gillettes-5blade-raz.html
(not linking to the original Onion because their Javascript
doesn't want to play with me)
--
tomás
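Added example, not part of the thread: the entropy arithmetic behind the 8- vs 16-character choice above, plus a check of what a provider's character rules (the assumed 16-char cap with "!" and "." disallowed) cost in bits. The alphabets are assumptions modelled on pwgen's letters-and-digits default and its symbol option; generation uses the `secrets` CSPRNG rather than `random`.

```python
import math
import secrets
import string

# Assumed alphabets (constructed for this example, not from pwgen's source):
# letters+digits, as pwgen -s produces by default; the second adds symbols.
ALNUM = string.ascii_letters + string.digits            # 62 symbols
WITH_SYMBOLS = ALNUM + string.punctuation               # 94 symbols
# Assumed bank policy from the thread: the same set minus "!" and ".".
BANK_ALPHABET = ALNUM + "".join(c for c in string.punctuation if c not in "!.")
BANK_MAX_LEN = 16


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly and
    independently from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def generate(alphabet: str, length: int) -> str:
    """Generate a password from the OS CSPRNG; never use `random` here."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def fits_policy(pw: str, alphabet: str = BANK_ALPHABET,
                max_len: int = BANK_MAX_LEN) -> bool:
    """True if the password would be accepted under the assumed policy."""
    return len(pw) <= max_len and all(c in alphabet for c in pw)


def policy_cost_bits(alphabet: str, allowed: str, length: int) -> float:
    """Entropy lost when a generator's alphabet is cut down to `allowed`
    (and the length is capped) versus generating freely at `length`."""
    usable = min(length, BANK_MAX_LEN)
    return (entropy_bits(len(alphabet), length)
            - entropy_bits(len(allowed), usable))


def summary() -> dict:
    """Entropy of the configurations discussed in the thread."""
    return {
        "8 alnum": entropy_bits(len(ALNUM), 8),
        "16 alnum": entropy_bits(len(ALNUM), 16),
        "16 with symbols": entropy_bits(len(WITH_SYMBOLS), 16),
        "16 bank alphabet": entropy_bits(len(BANK_ALPHABET), 16),
        "20 with symbols (old cap)": entropy_bits(len(WITH_SYMBOLS), 20),
    }


if __name__ == "__main__":
    for name, bits in summary().items():
        print(f"{name:26s} {bits:6.1f} bits")
    pw = generate(WITH_SYMBOLS, 16)
    print("sample:", pw, "accepted by bank:", fits_policy(pw))
    print("bits lost going from 20 free chars to the bank policy:",
          round(policy_cost_bits(WITH_SYMBOLS, BANK_ALPHABET, 20), 1))
```

Doubling the length roughly doubles the bits (about 48 to 95 for letters and digits), while dropping two symbols from the alphabet costs well under a bit per character; the length cap is what hurts, which is why a 16-character random string beats a longer but low-entropy one.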