Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 04 Jul 2016 15:25:49 +0300
From: Ark Arkenoi <>
To: "" <>,
Subject: Re: 2-Factor vs Authentication

Yes, exactly: it was meant to massively reduce false positives, while keeping false negatives acceptably low.

BTW sms was much less reliable back those days and inter-operator issues happened all the time.

Sent from my BlackBerry 10 smartphone.
  Original Message  
Sent: Monday, July 4, 2016 14:34
Reply To:
Subject: Re: [passwords] 2-Factor vs Authentication

On 07/03/2016 07:11 PM, ArkanoiD wrote:

> The common consensus was ....
> SMS+password being better than password alone, thus adding extra layer
> won't hurt.

This is a tremendously extraordinary statement in need of a huge proof.

terms "extra layer" and "better" point to merely a cloud of human feelings.

I can accept the premise for this statement:
adding SMS to password reduces false-positive auth outcomes.
(no matter how much and how needed)

But it also increase false-negative auth outcomes!!!
and I speculate sometimes it hurts the security too.

and after all, as you now witnessing, when a logically inconsistent 
bullshit becomes accepted as a part of an info system, it tends to 
overthrow the logic of the host system and turn it into crap entirely.
Same goes to the password policies.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.