Difference between revisions of "Talk:2677: Two Key System"


Revision as of 22:45, 26 September 2022

Ah, for many long moments, I thought the "dual-key-turner" was a "dual-key-cutter" (but that it was a silly implementation, anti-parallel coaxial positioning of key blanks needs a complicated (pantograph?) cutting-heads system, more so than with parallel and adjacent blanks of any number). But now I'm on the right track and I laugh at the correct joke, and can think of any number of developments in safe (as in not 'forgotten') and secure (as in not misappropriated) password use that went into and out of the various "convenience for user"/"security for systems" modes, often mutually exclusive to the other mode. 172.70.90.61 15:33, 26 September 2022 (UTC)

I've long been annoyed that I can't use password auto-fill on Chrome's online password manager webpage. Barmar (talk) 16:36, 26 September 2022 (UTC)

Do you remember how banks were all "two-factor authentication" when we used to access them from computer and made us use the phone for confirmation? And how they don't seem to mind now when the bank can be completely controlled just from the (smart)phone? -- Hkmaly (talk) 20:35, 26 September 2022 (UTC)

Although I think this extends well beyond 'merely' "passwords" (in all their forms and combinations, from PINs to fingerprints!) I've taken the general feeling so far seen here in Talk and bulked up the explanation with the allegorical connections that might be the source of inspiration for the comic. And if you gave me the time to do it, I'd put an awful lot more (strange, really, I was often tired of rewriting SOPs to reflect the latest best-practices in 2FA/3FA when that was actually a big part of my job! "What you know/What you have/What you are"...) and without skipping over huge chunks. But (even if some bits get cut back down again) I think I've added value and maybe some narrative flow to the initial explanation, which was ok but perhaps not even how I would have arranged it (having then tried to preserve that skeleton arrangement of ideas). Darnit, I now sound full of myself. That's just me winding down from a big hot-edit that maybe even was too big, and anxiously awaiting someone else doing an even better total-rewrite/summary, regardless of what I just splurged there... ;) ((But, to clarify, the comic never mentions passwords. Highly likely it is (keys!) but it could be more wide-ranging development issues. I'm sure I'll understand the moment someone clues me in on some other scope that this might actually reference.)) 172.70.90.245 22:00, 26 September 2022 (UTC)

Just to add something 'from the old days' (n.b., probably still applies to many non-web server logins, just rarer in more ubiquitous weblogins) is that any system that forces users to regularly change their passwords also tended to encourage the use of "Password1", "Password2", "Password3", sequentially (well, at least then you had a recent password to refresh in your mind), as they at least disallowed the immediate reuse of the last current password to replace itself, and possibly 'remembered' a number of past incarnations. But you tend not to get that feature (forced change/no reuse) on much of the modern infrastructure. It tends to focus more on a general form ("use special characters/uppercase!", as well as minimum lengths), which doesn't preclude bad 'sequential' practices (if you're even needing to do that) if you ever get "g!b³riZh1", "g!b³riZh2", "g!b³riZh3" started, then compromised by whatever means or reason... 172.70.85.49 22:45, 26 September 2022 (UTC)