Date: Mon, 04 Jul 2016 15:25:49 +0300 From: Ark Arkenoi <ark@...ex.net> To: "e@...tmx.net" <passwords@...ts.openwall.com>, passwords@...ts.openwall.com Subject: Re: 2-Factor vs Authentication Yes, exactly: it was meant to massively reduce false positives, while keeping false negatives acceptably low. BTW sms was much less reliable back those days and inter-operator issues happened all the time. Sent from my BlackBerry 10 smartphone. Original Message From: e@...tmx.net Sent: Monday, July 4, 2016 14:34 To: passwords@...ts.openwall.com Reply To: passwords@...ts.openwall.com Subject: Re: [passwords] 2-Factor vs Authentication On 07/03/2016 07:11 PM, ArkanoiD wrote: > The common consensus was .... > SMS+password being better than password alone, thus adding extra layer > won't hurt. This is a tremendously extraordinary statement in need of a huge proof. terms "extra layer" and "better" point to merely a cloud of human feelings. I can accept the premise for this statement: adding SMS to password reduces false-positive auth outcomes. (no matter how much and how needed) But it also increase false-negative auth outcomes!!! AND THIS REALLY HURTS. and I speculate sometimes it hurts the security too. and after all, as you now witnessing, when a logically inconsistent bullshit becomes accepted as a part of an info system, it tends to overthrow the logic of the host system and turn it into crap entirely. Same goes to the password policies.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.