Just to add something 'from the old days' (n.b., probably still applies to many non-web server logins, just rarer in more ubiquitous weblogins) is that any system that forces users to regularly change their passwords also tended to encourage the use of "Password1", "Password2", "Password3", sequentially (well, at least then you had a recent password to refresh in your mind), as they ''at least'' disallowed the immediate reuse of the last current password to replace itself, and possibly 'remembered' a number of past incarnations. But you tend not to get that feature (forced change/no reuse) on much of the modern infrastructure. It tends to focus more on a general form ("use special characters/uppercase!", as well as minimum lengths), which doesn't preclude bad 'sequential' practices (if you're even needing to do that) if you ever get "g!b³riZh1", "g!b³riZh2", "g!b³riZh3" started, then compromised by whatever means or reason... [[Special:Contributions/172.70.85.49|172.70.85.49]] 22:45, 26 September 2022 (UTC)
"This could also be something of a reference to ‘two factor authentication’ a security annoyance which also requires ‘two keys’ (typically something from a dynamic physical token, as well as the static password which is susceptible to unauthorised reuse) that was adopted by more secure websites." - a stretch too far, IMO. This is a situation that has never gone from 'two keys' to 'one key (operator)' and back to 'two keys'. If anything, it might have been 2FA(password + token)->2FA(browser/password-manager + token), or even 1FA(password)->1FA(browser/whatever)->2FA( +token) for the slower/earlier adopters who had not originally worked out the token element. I've commented it out, because it isn't a good enough fit to really fit the analogy presented. Unless one of the other experts here can radically fix it to do so.
<br />I don't personally use third-party PMs (either it's safe enough to just let the browser manage it, for convenience, or I actually remember all the individual passwords for things and untick any "Save password?" suggestion it gives me) so I also don't know how much 2FA is built into them in order to authorise them to "dual-key turn" (or if they even turn more than the one key, in any logical way), if you don't count the use of the installed PM itself as a virtual "possession" factor somehow. And I don't bank online, because I've never seen the advantages outweigh the potential problems. [[Special:Contributions/162.158.159.19|162.158.159.19]] 18:51, 27 September 2022 (UTC)
With regard more specifically to software development, I think you'll find parallels with being able to run code (or, put another way, separating code from data). Once multi-user systems became a thing, it became important for systems to control what code could be executed on a computer. However, with any new system, programmers are always looking at ways to automate it, and they often create new ways for getting code into the system. Interpreters that allow processing of inputs as code are a common example of this. [[Special:Contributions/172.71.150.63|172.71.150.63]] 19:48, 27 September 2022 (UTC)
The current explanation is extremely verbose for such a simple concept, joke, and title text rejoinder. Lots of the discussion is not really on topic. Can we pull some of it out into a "Further considerations" subsection perhaps? [[Special:Contributions/172.69.134.161|172.69.134.161]] 02:53, 28 September 2022 (UTC)
: Agree, way too little explanation in too much text. I personally would even delete the whole section on password managers. Think the joke is more related to the web1/2/3 thing, mentioned below, than to password managers. --[[User:IamNotJudithPolgar|IamNotJudithPolgar]] ([[User talk:IamNotJudithPolgar|talk]]) 19:13, 19 February 2023 (UTC)
The comic is about crypto service companies like crypto.com that are 'one-stop shops for all your decentralisation needs'. The comic refers to both a "two key" system (crypto uses a public and private key encryption) and the title text refers to decentralisation. Bitcoin is designed to be decentralised but it is not convenient to use it in a decentralised fashion. The vast majority of people use centralised services to access it (e.g. crypto.com). These are 'one-stop shops for all your decentralisation needs'. I don't have a crypto account with one of these but I'm guessing they might use 2 factor authentication or public / private keys to verify account identity, which only fixes the security problem introduced by the service in the first place.
Kids today with their impatience and demand for instant gratification. Back in my day you actually had to pick up the phone and talk to a human being to initiate a nuclear apocalypse. [[Special:Contributions/172.70.174.159|172.70.174.159]] 07:47, 29 September 2022 (UTC)