Jerry 🦙💝🦙

I forgot one…

A user name and password counts as two factor authentication. It requires a name AND a password

Jun 7, 2024 at 12:56amWeb
Show threadAndres JalintonJun 7, 2024
@jerry
That makes the SMS code the third authentication factor, nice!
Show threadD C RossJun 7, 2024

@jerry I have a name, I know my password and I am interested in logging in. That's something I have, something I know and something I am.

Three factor authentication, baby.

Show threadMans RJun 7, 2024
@deeseearr @jerry Proper authentication uses five factors: something old, something new, something borrowed, something blue, and a silver sixpence in your shoe.
Show threadD C RossJun 7, 2024
@mansr @jerry
And your password should contain two named characters who have a conversation about something other than a man.
Show threadMans RJun 7, 2024
@deeseearr @jerry What about bears?
Show threadPatrick TownsendJun 7, 2024

@jerry
Yeah, as you know, if you hang out in the security space long enough you will hear the most credulous BS about authentication. There really needs to be an "Alice in Wonderland" written for security.

The funniest thing for me is when a customer would send us their PGP private key thinking we would need it to unlock their logs. Uh, no.

Show threadGuillaume RossJun 7, 2024
@jerry If you spell user name with a space isn’t it 3FA then?
Show threadChrisJun 7, 2024
@jerry especially if the username is your SSN
Show threadAndrew 🚲Jun 7, 2024
@jerry I have two middle names so I am extra secure.
Show threadBill BernardJun 7, 2024
@jerry ok but my name is everywhere, how do I keep that secret?
Show threadBrent CookJun 7, 2024
@jerry as long as you rotate your username regularly, sounds good to me
Show threadVissJun 7, 2024
@busterb @jerry and fingerprints!
Show threadShawn K. O'SheaJun 7, 2024

@jerry something you have and something you know.

A post-it with the password and the fact it’s located under the keyboard.

Show threadKluthulhu' XOR 1=1--Jun 7, 2024
@jerry Something you are AND something you know 😏
Show threadsigi714Jun 7, 2024
@jerry While the username is knowledge, the password is my dogs name and therefore counts as possession factor.
Show threadAnssi KolehmainenJun 7, 2024
@jerry I once sent a company wide email on evening of March 31st that we would be implementing new security measure: daily randomized usernames. All users would need to log in to website to see what their username would be for the next day.
Show threadScott Jun 7, 2024
@jerry
something you have: a keyboard
something you are: human
something you know: you require access
Show threadBernard QuatermassJun 7, 2024

@jerry for werewolves and vampires, your name and your bite pattern

Tooth factor authentication

Show threadgh0sti Jun 7, 2024
@jerry hot take right here.