Amazon Forces Password Reset For Some Users - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Amazon Forces Password Reset For Some Users
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 11:07:26 AM
Re: Re
All in favor of that as well. :)
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 11:06:24 AM
Re: Re
I personally like to hunt them down and destroy their hardware with an axe.

But, that's just me.

<g>
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 10:58:59 AM
Re: Re
That's the goal of pretty much any security improvement, electronic or physical. Nothing is perfectly safe, so we have to settle for getting as close as we can. The harder I am to hack, the more likely someone will pick an easier target. I can't stop the hacker, but I can try to keep the target off of me.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 10:56:53 AM
Re: Re
Yes, I agree with your last sentence. it makes it harder to gain entry.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 10:46:18 AM
Re: Re
Agreed that no system removes all possible failure points. The goal is to reduce failure points to the minimum that is acceptable for each situation. Passwords are not a good means of securing anything, and they haven't been for years. While specific individuals may feel comfortable that they are using sufficiently complex passwords, changing them often enough and using each password in only one place, that doesn't describe the vast majority of the population.

The text coming to me might get copied by a Stingray type of device, but someone would still need my password at the same point in time. The code expires within a minute or so, so timing is critical.

The advantage of multifactor authentication is that at least two avenues must be compromised at the same time in order to gain access. It's not going to protect 100%, but it certainly reduces the likelihood of a breach down to considerably less than 1%. If someone doesn't have a smartphone and can't use an authenticator app, then SMS is the option. It may not be hack-proof, but it certainly makes the job a lot harder for someone to get unauthorized access.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 10:39:13 AM
Re: Re
Ok but that allows a mitm with the carrier as the point of failure. Like if a Stingray device was in use. Not that it's likely you understand, but possible. I just don't think any security method can always be relied on, even something like MFA
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 9:56:20 AM
Re: Re
All 2-factor services I've seen also allow users to receive codes via SMS. Just about everyone can receive a text message. That's the fallback if the device with the authenticator app isn't available or isn't synced properly anyway.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 9:54:32 AM
Re: Re
Sure if they have a device that can use something like Google Authentcator. The problem is that not everyone has such a device.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 9:09:34 AM
Re: Re
I would recommend that users enable 2-factor authentication anytime it's available from a provider. That's a relatively simple step that reaps huge gains in security of personal and financial data.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 9:08:05 AM
Re: Re
Yes a good idea as well
Page 1 / 2   >   >>


2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll