Posted on 06/09/2021 6:47:55 AM PDT by ken in texas
Or . . . p@s$w0rD
Thanks for the info~
Never had a computer with OS/2.................
Thanks to ken in texas for the ping!
“Or an Authenticator app that generates a passcode each time.”
Sounds like a good idea. Some of our vendors and accounts require that anyhow. But it would be even better if you could have that feature for every important site. I’ll try to find something like that. Thanks.
“often involves user having to install apps on their phone”
What about using a PC? Do you think that would be applicable? We NEVER do anything financial on our phones, or even get email.
Is this only Apple users?
It has NOTHING to do with Apple or Apple users. The gratuitous mention of Cook and Apple is bullsh*t pseudo-journalism to spice it up.
This leak is a huge list of ONLY passwords. No emails, no usernames.
1 of the 2nd authentication apps I have to deal with also has a PC version. I don’t know about others.
Technically speaking it wouldn’t be anything financial on your phone. It’s just an app that you bring up when you’re logging in on your PC that sends a code (sometimes automatically, sometimes you have to enter the code on your PC) that basically says “yes, this login is legit”.
Tokenization is not new. We’ve been doing tokenization with Kerberos for decades. 2FA is really taking off with key providers out there everywhere, but the setup is very specific and requires maintenance to prevent outages and issues. With OAuth, OATH, and FIDO, there are many different standards, but they all work generally the same way. It’s still only a second factor. Passwords are still somewhat at play unless you’re going passwordless like so many large corporations.
My advice to prevent these breaches from impacting you: get a password management utility such as KeePass. Keep it local if you can. If it’s in the cloud, it can be stolen and brute forced. If you use KeePass, get a YubiKey, secure it with a certificate or OTP, and have a different, 20+ character password for EVERYTHING. Never reuse passwords. Ever. That’s why these breaches are so terrible.
>>This leak is a huge list of ONLY passwords. No emails, no usernames.
You can search by email and find matches.
I change passwords and I put a signature ID on subject lines. Anyone receiving an email purportedly from me that does not have that signature knows not to open it.
I heard that TikTok was snooping the clipboard.
I also heard that President Biden has lifted the ban on using TikTok while calling for an investigation into spyware apps.
Agree. I considered deleting that part of the first paragraph but left it in lest I be jumped on for excerpting too little. ;-)
“In the 80’s, engineers - Dilbert types, all brought their OWN computers to work.”
In the 80’s ....
Long timeframe. By the mid-80’s all our engineers had company computers.
Gotcha. That’s what we do with Amazon and some investment sites. I’m hoping all of them begin to offer that feature. It would be a huge advantage when it comes to security overall.
“That’s the big benefit of the token system, it doesn’t matter if it gets stolen. Since that token is only useful for your machine for about an hour”
I’m in over my head here but could we say that it’s good as long as your email address can’t be spoofed?
We had a poor company...................
So it is really not connected to anyone?
It’s definitely not new. But it’s spent most of its life as an open secret. OAuth has been around for ages, but nobody outside ‘nix world cared until a couple of years ago. Then MS started talking about it. Now it’s spreading like kudzu.