#ShowerThought the very existence of password managers seems like a sign that we're doing computer security wrong.

Let me unpack that one a bit. Keys work because users don't have to memorize the shape of every one of their dozens of keys, and recall every detail of them blindfolded every time they need to unlock stuff. They just need to be able to recognize the right key from the set on their keyring. Nothing sensitive is given away if they can't, and just try them all one by one. The key does all the important memorizing about how to open the lock it goes with.

@strypey
From the basics - computer security has three factors - "Something you know", "Something you have", "Something you are". There is nothing more. Passwords are the "know", while certificates or keys are "have", biometrics is "are". 2FA means using two factors together. If you think about it, a password manager is actually already 2FA, because you need to "know" the master password, and "have" the password database file. So it's actually a step up.

@chebra thanks, this is a very clear, concise summary. Can you recommend a good link for a first principles discussion that lays out things like those 3 basic factors?

@strypey @chebra

Actually, the basic is "who you are".

The problem is trying to find a practical demonstration of that identity, that isn't subject to trivial spoofing.

hackers.town