Geek-Guy.com

Month: April 2019

Comment on Two-factor Authentication Is Not Dead by Khurt Williams

Hi John,
The lack of responsible technical journalism is one of the challenges facing practitioners of solid security risk management. I’ve advised clients and consumers to enable MFA for every service where this is possible, and using SMS wherever a software/hardware token is not possible. If neither is available, the best I can advise is an extremely lengthy password.

I think you are correct to state that solid risk assessment principles are necessary to match the mitigating controls to the risk; probability of occurrence is part of the calculation of risk. This element of information security is often ignored by many articles. Perhaps it’s a part of the old ways of thinking of security where “perfection” was expected and every and all risk was to be avoided.
