silverwizard
/
Generator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Started a new post

Browse Source
main
silverwizard 3 weeks ago
parent 39f8578c9a
commit 9186f0fda1
3 changed files with 9 additions and 20 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 15
      src/MFAIsntMoving.md
  2. 9
      src/MFASucks.md
  3. 5
      src/SnakeOilsCost.md

15
src/MFAIsntMoving.md
Unescape View File

@ -1,15 +0,0 @@
# [MFA Isn't Moving](MFAIsntMoving.html)
Clickbait Title: Stop trying to make MFA happen, it's not going to happen
Authentication sucks. And computers suck at authentication. Shadow identities and conceptual identities are complicated. You can't put a person into a computer so identification of a person ends up being by proxy. We have a pretty standard set of proxies - a random number you can remember, a random number on a USB device or phone, and a random number made out of a scan of part of our body. We call these Something You Know, Something You Have, and Something You Are, because it's less depressing this way. We also use exceedingly larger amounts of math to make these numbers harder to guess, and harder to take out of their contexts. These values also get slippery - is your SSH key something you *have* or something you *know*? What about a password that's equivalently long and you store in a file on your computer? Despite their edge cases, it's pretty easy to distinct most of these however, so I wont get too caught up in the weeds.
The important thing is that there's a lot of hatred of Something You Know credentials of late. This generally comes down to someone saying Passwords Are Dead or Passwords Should Die. This generally ends with a call for replacing them with Passkeys, in effect, replacing Something You Know with Something You Have. This almost entirely is justified with chain of custody around credentials. If people don't have passwords, they can't make weak passwords, they can't share passwords, and they can't write them down. This basically comes down to Something You Know being limited by the ease of sharing knowledge, and the limitations of forgetfulness. People make bad passwords. This is a true statement I don't want to argue against.
Despite this, Something You Have has its own set of issues. If there's a shared build user, or an email address that manages support cases, or a user who manages network services, then you already don't have a 1:1 mapping between users and identities. As a sysadmin I might need to be several different identities - some of which do not represent me, but instead represent systems, people, and projects, and what I would rather do is to have access to admin rights and the tools to make the changes to other users without changing my assumed identity, but that's very rarely an option. If my build pipeline can only be invoked by the build user, and I need to become the build user to make that pipeline starts at a weird time. This means that I need credentials for that user.
These alternate credentials are often managed by the idea of chain of custody. If you know what SSH key logged into the build user, you can map that to identities. But what if the system doesn't offer this. AWS only allows one root user, only allows one MFA token on that user. Now you need to manage that MFA credential. If you are in a situation with an AWS root user, then you need to have an MFA token, and pass it between people, having a specific yubikey that changes hands when people go on vacation, or when their shift as root ends. Lots of places I've seen refuse to put MFA on their AWS root account (this is not the place I work, but I've heard of the pattern). Similarily, I have BitBucket pipelines that need to pull repos, manipulate them, and then push them (the main things they're doing is changing versions), and I can't create tokens for that user without logging into it. This means I need to login to the build user sometimes, meaning that credentials need to exist for it, and I and others need them. Shared credentials are bad - but systems don't always give you a choice.
Now, someone I envison could argue that "bad systems wont integrate passkeys" isn't important. Trying to improve the bad systems isn't important, we should improve the good systems. I don't agree. Security is only as strong as its weakest piece, so I think we should look at how we can reform passwords, improve passwords, and build a future where we accept these these things are needed. Something we can easily share, rotate, and move between peoples. We need to keep our authentications able to be fluid around identities, and accept this as a valid way of managing authentication.
This isn't my last statement on this, this is just a first item.

9
src/MFASucks.md
Unescape View File

@ -0,0 +1,9 @@
# [MFA Sucks](MFASucks.html)
MFA Sucks.
I'm sorry, but it's true. Managing tokens and keys is the worst part of security. Nobody can do it and nobody has a good way to do it. Passwords are good because having a single person remember a single thing isn't too hard, most of the time. Even if those people are not always good at keeping those tokens secret or remembering it. On the other hand biometrics are a pain because they're hard to verify, and hard to turn into something a computer can read that can't be faked, and if they're compromised, they can't be changed. And then there's physical tokens, which are very easy to put in the washing machine, create a bunch of e-waste, and add expenses to people's lives. The three kinds of authentication all suck.
Passwords are definitely pretty bad. It's hard to remember them. it's hard to pick good ones, and it's hard to keep them secret. I'm seeing more and more organizations who care about data security [avoid letting you make a password](https://www.404media.co/we-dont-want-your-password-3/). Managing all of these tokens and hashes is a pain. The only advantage that a password has is that it can handle edge cases incredibly well. If the identity being authenticated by the password doesn't match with a single person (deployment user, root account where multiple people might need access, and certain kinds of support account being common examples. Almsot alwaus for situations where someone is being stubborn in how administrator or other rights can be provisioned to an account). In the end, passwords become a necessary evil a lot because they're one of the few tokens that's easy to generate and even they are too hard to handle.
Simiarily, biometrics have never worked as authentication tokens,

5
src/SnakeOilsCost.md
Unescape View File

@ -1,5 +0,0 @@
# [The Cost of Snakeoil](SnakeOilsCost.html)
Snake Oil is a major issue in the security community. This is a major thing in all of the economy right now. A lot of it comes down to the promise that it will be cheaper to Buy and not Build. The core idea that the largest expense a company can have is people, and so, let's have someone else pay the people and get the benefits!
Now, I don't know how that works out in every case. I think the cloud is mostly a method to create vendor dependency and raise the cost of compute as high as it will go, so I don't think it's going well generally. However, I think security is very complicated
Write Preview
Loading…
Cancel
Save