Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <26052e16-a941-d9a0-2af6-110cd4b982ff@bestmx.net>
Date: Mon, 4 Jul 2016 13:33:42 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: 2-Factor vs Authentication

On 07/03/2016 07:11 PM, ArkanoiD wrote:

> The common consensus was ....
> SMS+password being better than password alone, thus adding extra layer
> won't hurt.

This is a tremendously extraordinary statement in need of a huge proof.

terms "extra layer" and "better" point to merely a cloud of human feelings.

I can accept the premise for this statement:
adding SMS to password reduces false-positive auth outcomes.
(no matter how much and how needed)

But it also increase false-negative auth outcomes!!!
AND THIS REALLY HURTS.
and I speculate sometimes it hurts the security too.


and after all, as you now witnessing, when a logically inconsistent 
bullshit becomes accepted as a part of an info system, it tends to 
overthrow the logic of the host system and turn it into crap entirely.
Same goes to the password policies.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.