Fellow sysadmins, developers, devops and users

Do you really use another factor in multiple/two factor authentication?

#security #infosec

Follow

@solene I wonder how many people who answered "I use my phone" actually have the recovery codes in password manager.

@jonn @solene

Ha! Interesting question. I did that, many moons ago, but eventually switched to not using recovery keys. If I am forced to save them, I'll just throw them away.

Never ever needed them and I don't see that changing.

@h3artbl33d @solene foreword: I don't like the application of technology, I think that has demonstrably failed. Word: I lost like 5 XBT and refused to give them to me. I also lost access to the github account that I made when I was a young adult and I'm sad about it because it had a badass handle.

@jonn @solene

Uhhh - sorry but what is the link between the subject and this reply?

@h3artbl33d @solene I lost the access to second factor and gor locked out like an idiot.

@jonn @solene

Oh right. I think I did not read your post properly and for that I am sorry.

Mistakes can happen - even for the most seasoned sysops. Personal story: many years ago, I've lost important data of others - due to multiple factors that took everything down like a house of cards.

I did a whoopsie, entering the wrong command,
Due to a bug, it didn't ask for decent confirmation (it should),
Then began a long and painful recovery of three days, without sleep,
While it was restoring backups, a new run started, replacing the old backups which were still in progress.

I did had an offline backup, which was older. Effectively zapping a limited number of parties back in time. The party that suffered the most was actually the most forgiving. Still a client to this day.

While off-topic, the tl;dr: shit hapens. Being prepared for the worst of the worst might save your buttocks one day.

Sign in to participate in the conversation
Doma Social

Mastodon server of https://doma.dev.