Comment by alt227

20 days ago

IMO if it is possible to use a system wrongly which undermines its security, it is already broken.

On the contrary - perfect security is only possible if your system is an inert rock. Or not even then, as the users could still use the rock "wrong" by beating security maximalists over their heads with it.

Also honestly TIL that TOTP is somehow supposed to also enforce a single copy of the backing token being in existence. That's not just bad UX, that feels closer to security overreach.

People in tech, especially software and security folks, tend to miss the fact that most websites with 2FA already put a heavier security burden on their users than anything else in real life. There's generally no other situation in people's lives that would require you to safely store for years a document that cannot be recovered or replaced when destroyed[0]. 2FA backup codes have a much stricter security standard than any government ID!

And then security people are surprised there's so much pushback on passkeys.

--

[0] - The problem really manifests when you add lack of any kind of customer support willing to or capable of resolving account access issues.

This is how we get sites that block software tokens and only allow a whitelist of hardware based tokens.

I can chuck a brick at your head. Clearly the brick is broken.

  • Bricks are meant to be built with, not thrown at heads.

    If you build with the brick properly you will have a great wall; if you don't, it will fall down. Pretty simple.

Pass-The-Hash attacks exist and the only real countermeasure is to never log into user machines with privileged credentials.

  • Actually, the real countermeasure to PTH is to disable NTLM auth and rely only on Kerberos (and then monitor NTLM as a very strong indicator that someone or something is attempting PTH).

    Of course Kerberos tickets can be abused too in a lot of fun ways, but on a modern network PTH is pretty much dead and a surefire way to raise a lot of alerts.

    (You are absolutely right that privileged accounts must never login on less privileged assets, however!)

    • Yeah... we just went through this process over here. I was more just making the point that "If it's possible to use a system wrongly which undermines its security, it is already broken" isn't always true. I guess you could argue it's NTLM there that's 'already broken', but the idea was more "SysAdmins are sometimes given red buttons to never press under any circumstances."
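The "monitor NTLM as a strong indicator" idea from the Pass-the-Hash sub-thread above, as an added example that is not code from any of the commenters: once a domain has moved to Kerberos-only, any NTLM network logon that is not on a known legacy exception list is worth an alert, and an NTLM logon by a tier-0 account is worth a loud one. The events below are constructed samples shaped like the fields of Windows Security event 4624 (LogonType, AuthenticationPackageName, LmPackageName, TargetUserName, and so on); the privileged-account set and the legacy exception list are hypothetical. In a real deployment the same logic would run over events pulled from a SIEM or from `Get-WinEvent`, and the 4776 credential-validation events on domain controllers give a second, DC-side view of the same NTLM traffic.

```python
"""Flag NTLM network logons in Windows Security 4624 events.

Added example for the thread above, not code from any commenter.
Once NTLM is disabled in favour of Kerberos, any remaining NTLM
authentication is a strong Pass-the-Hash indicator. The events below
are constructed samples, not real logs.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Finding:
    account: str      # DOMAIN\user that authenticated with NTLM
    source_ip: str    # IpAddress field of the 4624 event
    target_host: str  # host that recorded the logon (assumed field)
    lm_package: str   # "NTLM V1" / "NTLM V2" from LmPackageName
    severity: str     # "high" or "medium"


# Hypothetical tier-0 / privileged accounts that must never show up in NTLM.
PRIVILEGED_ACCOUNTS = {"CORP\\da-admin", "CORP\\svc_backup"}

# Hypothetical exception list: a legacy device that genuinely cannot do
# Kerberos and is allowed to keep using NTLM against one file server.
LEGACY_NTLM_SOURCES = {"10.0.9.5"}

# Constructed sample events in the shape of 4624 event fields.
# "Computer" stands in for the host that logged the event.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "TargetDomainName": "CORP", "TargetUserName": "alice",
     "IpAddress": "10.0.1.20", "Computer": "FS01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetDomainName": "CORP", "TargetUserName": "svc_backup",
     "IpAddress": "10.0.1.55", "Computer": "FS01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetDomainName": "CORP", "TargetUserName": "bob",
     "IpAddress": "10.0.9.5", "Computer": "FS01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetDomainName": "CORP", "TargetUserName": "bob",
     "IpAddress": "10.0.1.77", "Computer": "WS07"},
    # Interactive console logon with a local account: NTLM is expected here,
    # and it is not the network path Pass-the-Hash uses, so it is ignored.
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetDomainName": "WS07", "TargetUserName": "localadmin",
     "IpAddress": "-", "Computer": "WS07"},
]


def find_ntlm_logons(events: Iterable[dict],
                     privileged=PRIVILEGED_ACCOUNTS,
                     legacy_sources=LEGACY_NTLM_SOURCES) -> List[Finding]:
    """Return one Finding per NTLM network/remote logon not on the exception list."""
    findings: List[Finding] = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        if str(ev.get("AuthenticationPackageName", "")).upper() != "NTLM":
            continue  # Kerberos (or Negotiate resolving to Kerberos) is the expected path
        # Pass-the-Hash shows up as Network (3) or RemoteInteractive (10) logons.
        if ev.get("LogonType") not in (3, 10):
            continue
        source_ip = ev.get("IpAddress", "-")
        if source_ip in legacy_sources:
            continue  # documented legacy exception, not an alert
        account = f'{ev.get("TargetDomainName", "")}\\{ev.get("TargetUserName", "")}'
        lm_package = ev.get("LmPackageName", "-")
        # Privileged accounts over NTLM, or NTLMv1 anywhere, are the loud cases.
        severity = "high" if account in privileged or lm_package == "NTLM V1" else "medium"
        findings.append(Finding(account, source_ip, ev.get("Computer", "?"),
                                lm_package, severity))
    return findings


if __name__ == "__main__":
    for f in find_ntlm_logons(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] NTLM logon: {f.account} from {f.source_ip} "
              f"to {f.target_host} ({f.lm_package})")
```

On the sample data this reports the `svc_backup` logon as high and the `bob` logon from the non-exempt workstation as medium, and stays silent on the Kerberos logon, the exempted legacy source, and the local console logon. The exception list is the part that needs discipline: every entry on it is a host where Pass-the-Hash would still go unnoticed, so it should be short, reviewed, and paired with the "Restrict NTLM" audit policies so the list shrinks over time.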