this post was submitted on 11 Jun 2024
28 points (100.0% liked)

Cybersecurity

5617 readers
288 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
 

AWS account holders can now use FIDO2 passkeys as an authentication method.

top 8 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 4 months ago (1 children)

tbh this might be a good thing (not talking about amazon)

  • as it normalizes MFA/2FA/TOTP
    • which would help increase adoption
      • and therefore it would increase users' security hygiene
[–] Anticorp 3 points 4 months ago (2 children)

2FA is cool for things that are important, like my bank account, or probably my AWS account. We don't need it for everything and it's pretty annoying when rinky dink little websites force it on us.

[–] [email protected] 5 points 4 months ago* (last edited 4 months ago) (1 children)

of course👍

the sites that would benefit users the most from implementing these would be those that retains user sensitive information:

  • shopping
  • banking
  • sns
  • medical
[–] [email protected] 3 points 4 months ago (1 children)
[–] [email protected] 2 points 4 months ago* (last edited 4 months ago)

ah that's my bad that's probably an accidental Koreanism

[–] [email protected] 4 points 4 months ago (1 children)

Rinky dink little websites should use federated logins, imo.

[–] Anticorp 4 points 4 months ago* (last edited 4 months ago)

Like Discus, Facebook, or Google? The problem with that is then you have another big ass company tracking everything you're signed up to and selling your data.

[–] [email protected] 4 points 4 months ago

It says in the article that this won't apply to org member accounts yet, but I wonder how it'll work eventually. Member accounts created via account factory don't even have a password, so you have to go through email account recovery to set one and then set up MFA. If this only applies to root users with passwords, that's fine, otherwise I hope account factory will get a way to set up PW/MFA on a generated root user.