Cybersecurity

5443 readers

61 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

MFA soon compulsory for AWS users, passwordless authentication an option (www.csoonline.com)

submitted 3 months ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

AWS account holders can now use FIDO2 passkeys as an authentication method.

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 3 months ago (1 children)

tbh this might be a good thing (not talking about amazon)

as it normalizes MFA/2FA/TOTP
- which would help increase adoption
  - and therefore it would increase users' security hygiene

[–] Anticorp 3 points 3 months ago (2 children)

2FA is cool for things that are important, like my bank account, or probably my AWS account. We don't need it for everything and it's pretty annoying when rinky dink little websites force it on us.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (1 children)

of course👍

the sites that would benefit users the most from implementing these would be those that retains user sensitive information:

shopping
banking
sns
medical

[–] [email protected] 3 points 3 months ago (1 children)

What is sns?

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

ah that's my bad that's probably an accidental Koreanism

"SNS" is commonly spoken in Korean news when referring to Social Networking Sites

[–] [email protected] 4 points 3 months ago (1 children)

Rinky dink little websites should use federated logins, imo.

[–] Anticorp 4 points 3 months ago* (last edited 3 months ago)

Like Discus, Facebook, or Google? The problem with that is then you have another big ass company tracking everything you're signed up to and selling your data.

[–] [email protected] 4 points 3 months ago

It says in the article that this won't apply to org member accounts yet, but I wonder how it'll work eventually. Member accounts created via account factory don't even have a password, so you have to go through email account recovery to set one and then set up MFA. If this only applies to root users with passwords, that's fine, otherwise I hope account factory will get a way to set up PW/MFA on a generated root user.