@ryanc Surely…
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@ryanc Well that’ll teach me to take you seriously!
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@risottobias @ErikvanStraten and I appreciate you calling out the nuance of enroll vs authenticate.
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@risottobias @ErikvanStraten You say NIST. Is this 800-63? I don't remember it being in there, and "postal" only gets one match in https://pages.nist.gov/800-63-4/sp800-63.html
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@risottobias @ErikvanStraten Thanks! Is this a rule of thumb, or backed up by analysis or a standard?
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@ryanc I don't mean to be snarky, but, really? Is this a studied thing?
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
@ErikvanStraten If I understand it, the failure here isn't the 6 digit code, it's that Microsoft failed to implement rate limits, backoff, or any sort of coordination between the authN instances?
(Which will be a great point to emphasize — I want to make sure I understand.)
-
Is there any meaningful security benefit to one time codes being more than 4-6 digits?
(For any of TOTP, email, or sms delivery.)
-
You guys, I have just discovered how much an expert witness gets paid by the hour ($459 on average) and surely this is a mistake.
@flyingsaceur @mattblaze @evacide There's a small set of experts who write well, present well, are willing to tolerate lawyers, and don't have conflicts of interest.
-
You guys, I have just discovered how much an expert witness gets paid by the hour ($459 on average) and surely this is a mistake.
@flyingsaceur @evacide @mattblaze Work done for the case is billable. Some experts charge a little more (I’ve seen 10% for deposition or testifying*) but you bill for your time spent on the work on the case.
*if you write a report, your rates will be in there.
-
"Insurance can help cybersecurity" is a hypothesis, not an axiom.
-
Just finished a slide deck in two hours.
@wendynather @darkreading Or maybe not, “Your devotion to that ancient religion has not helped you conjure up the stolen data tapes…”
-
Just finished a slide deck in two hours.
@wendynather @darkreading Jedi robes?
-
Follow Friday Follow Packs!
@mastodonmigration It was intended as a recommendation for people to add to your list
-
Follow Friday Follow Packs!
@mastodonmigration @1br0wn @alysondecker @andreamm @andrew @annmlipton @AustinB @austinkocher @bespacific @chargrille @chrisgeidner @cmorris @copyrightlately @D_J_Nathanson @davidallengreen @design_law @drrimmer @evacide @FrankPasquale @heidilifeldman @icymi_law @karlauerbach @KProfsBlog @lawfare @LeftistLawyer @LeslieBurns @molly0xfff @pdxlawgrrrl @petersuber @SteveBellovin @Teri_Kanefield @trabern
@deviantollam @mattblaze @SheHacksPurple