Simple and boring static site generator
Generator/src/MFASucks.md


# [MFA Sucks](MFASucks.html)
MFA Sucks.
I'm sorry, but it's true. Managing tokens and keys is the worst part of security. Nobody can do it and nobody has a good way to do it. Passwords are good because having a single person remember a single thing isn't too hard, most of the time, even if those people are not always good at keeping those tokens secret or remembering them. On the other hand, biometrics are a pain because they're hard to verify, hard to turn into something a computer can read that can't be faked, and, if they're compromised, can't be changed. And then there are physical tokens, which are very easy to put in the washing machine, create a bunch of e-waste, and add expenses to people's lives. The three kinds of authentication all suck.
Passwords are definitely pretty bad. It's hard to remember them, it's hard to pick good ones, and it's hard to keep them secret. I'm seeing more and more organizations who care about data security [avoid letting you make a password](https://www.404media.co/we-dont-want-your-password-3/). Managing all of these tokens and hashes is a pain. The only advantage that a password has is that it can handle edge cases incredibly well: cases where the identity being authenticated by the password doesn't match a single person (a deployment user, a root account where multiple people might need access, and certain kinds of support account being common examples, almost always in situations where someone is being stubborn about how administrator or other rights can be provisioned to an account). In the end, passwords often become a necessary evil because they're one of the few tokens that are easy to generate, and even they are too hard to handle.
Similarly, biometrics have never worked as authentication tokens,