Submitted via IRC for AndyTheAbsurd
The DHS recently issued a warning against the use of common and or easily guessed passwords after several government agencies have been targeted by "password spray" attacks.
It seems that the world outside of technologists will never listen to advice regarding strong passwords, not reusing passwords, not writing passwords down, etc. If you're an administrator and have the ability to do so - for the love of Dog, please enable TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) or something similar - and remember that SMS is far too easy to spoof to be considered a secure method of delivering one-time passwords."
Source: SC Magazine
(Score: 5, Insightful) by Anonymous Coward on Sunday May 12 2019, @07:07PM (1 child)
Never. The point of SMS authentication is to track you by getting your cell phone number. Most people only have one of those.
(Score: 0) by Anonymous Coward on Monday May 13 2019, @01:40PM
yeah tie that to the biometric and they know for sure its really you. unless someone cut off parts and your body was just a tool to unlock the phone of course. cops try to unlock phones found on corpses and were angered Apple's face-id can detect the glassy eyed stare of the dead--and not unlock the phone. people were upset that law unenforcement needed a warrant instead of how they got used to doing it--use the body to unlock the phone, copy everything, and not say anything about it.