Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: lightman

It is not hard to set up multiple options. Email, SMS, app, even an RSA or Yuibikey.

The whole point of all these mechanisms is to address the problem of password harvesting. ESPECIALLY for moderator/admin accounts.

Years ago I went into a datacenter and all the admin passwords were scribbled on the whiteboard. I could’ve run riot all through their network without them knowing it was me.

Imagine not having to go to the effort of taking a photo of a whiteboard because you can go on the dark web and get the photo from it...

Now imagine, everyone with zot abilities who has had the same password for fifteen years, has their login details in a freely available, hacked password list.

So even if MFA is overkill for Freepers, it should be mandatory for admins and moderators.


335 posted on 03/17/2025 1:08:03 AM PDT by MalPearce ("You see, but you do not observe" - Holmes to Watson, A Scandal in Bohemia)
[ Post Reply | Private Reply | To 320 | View Replies ]

To: MalPearce

Admin/moderators vs. “ordinary” account holders is a very valid distinction.


336 posted on 03/17/2025 7:19:14 AM PDT by lightman (Beat the Philly fraud machine the Amish did onest, ja? Nein, zweimal they did already!)
[ Post Reply | Private Reply | To 335 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson