[ale] help - how do I log into learnstreet without ...
- Subject: [ale] help - how do I log into learnstreet without ...
- From: justgold79 at gmail.com (Justin Goldberg)
- Date: Wed, 17 Apr 2013 07:51:52 -0400
On Fri, Mar 29, 2013 at 1:59 PM, David Tomaschik
<david at systemoverlord.com> wrote:
> On Fri, Mar 29, 2013 at 6:39 AM, Michael B. Trausch <mbt at naunetcorp.com> wrote:
>
>> On 03/28/2013 09:26 PM, David Tomaschik wrote:
>> > This is true, but it also provides *one provider* who you need to trust
>> > with security, not every site. You can run that provider yourself with
>> > OpenID. So, OpenID (or centralized authentication in general) reduces
>> > the attack surface, but increases the damage from a successful attack.
>>
>> I'm surprised at you, David! Such a blanket statement. That also
>> depends on what one has in place to _mitigate_ compromise. I think that
>> anyone who puts any system in place and then does not plan for it to be
>> compromised is missing the whole point of security. Assume it will
>> break. Mitigate what can happen when it does.
>>
>
> Assuming you have >1 service using that OpenID provider, the damage from
> compromising the OpenID account is, by definition, more than a compromise
> of one of those accounts. I never said that it results in a complete loss
> of control.
>
I know this is an old email, but it was sitting in my drafts for a while.
This is where two-factor systems come into play. For example, myOpenID will
call your phone number to verify whenever you log in to your account. It
even has a voice-print security feature, but I'm not sure if that really
adds any extra security or is junk science.
<SNIPPED>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com