Date: Mon, 4 Jul 2016 13:33:42 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Re: 2-Factor vs Authentication On 07/03/2016 07:11 PM, ArkanoiD wrote: > The common consensus was .... > SMS+password being better than password alone, thus adding extra layer > won't hurt. This is a tremendously extraordinary statement in need of a huge proof. terms "extra layer" and "better" point to merely a cloud of human feelings. I can accept the premise for this statement: adding SMS to password reduces false-positive auth outcomes. (no matter how much and how needed) But it also increase false-negative auth outcomes!!! AND THIS REALLY HURTS. and I speculate sometimes it hurts the security too. and after all, as you now witnessing, when a logically inconsistent bullshit becomes accepted as a part of an info system, it tends to overthrow the logic of the host system and turn it into crap entirely. Same goes to the password policies.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.