Submitted via IRC for AndyTheAbsurd
The DHS recently issued a warning against the use of common and or easily guessed passwords after several government agencies have been targeted by "password spray" attacks.
It seems that the world outside of technologists will never listen to advice regarding strong passwords, not reusing passwords, not writing passwords down, etc. If you're an administrator and have the ability to do so - for the love of Dog, please enable TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) or something similar - and remember that SMS is far too easy to spoof to be considered a secure method of delivering one-time passwords."
Source: SC Magazine
(Score: 1) by RandomFactor on Sunday May 12 2019, @03:04PM
I've never enabled fingerprint or 'face' unlocking on my devices and I can't imagine I ever will. I understand that in principle police can't currently compell an unlock [pcmag.com] using biometric data (at least until challenged/overturned) but with unlock being based on something I know instead, it becomes my decision to stand up to the wrench [xkcd.com] or not. (And none of that 'no, he left it unlocked, we didn't force his tragically broken finger onto the fingerprint reader, honest!')
В «Правде» нет известий, в «Известиях» нет правды