"... practise good password hygiene and enable two-factor authentication to protect your account ..."
Shouldn't that be ".. OR enable two-factor authentication ..." ?
GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login …
Not being funny, but what are you doing, The Register?
Are you *ever* going to get a phone?
I can understand Joe Public holding out from having a (I presume you mean) smartphone.
But a nominal techie? Surely you should be - to a certain degree - leading your customers. Not following them.
I'm not a late adopter of technology as you're making out. I'm just between burners right now.
Smartphones are bad technology. They're slow and power hungry, impossible to secure, can't be trusted on the LAN. Literally ALL "apps" are both useless and malware. Their slow input, clumsy interfaces, and lack of tactile feedback limits the bandwidth between thought and action.
I also think you've got it backwards. Choosing not to have a smartphone is a privilege Joe Public can no longer access. Not having one is for elite techies who can arrange other ways of contacting their infrastructure, and don't want or need to be contacted AFK.
Last weekend I was walking along a beach promenade. A group of young chavettes wearing swimwear had their smartphones tucked into their bikinis. Apparently that's where the smartphone fits into our society.
"Apparently that's where the smartphone fits into our society."
Someone on another site had a comment apropos of this
(paraphrased, I can't remember where I read it):
-Back in the seventies, if the government insisted all citizens carried a tracking device, it would have sparked major protests. Today people spend hundreds to own one, for the convenience of online access.-
Well, in his defense, I have a phone but seldom carry it as I hate the "leash" effect. I also will never give out that number to any site. Too much hacking, stealing credentials, spam, etc. result. I used to on an old phone but it soon filled with all sorts of what I can only describe as garbage. Not worth it.
FTR, my current phone is not a smartphone. But still... giving the masses including so-called "legitimate" companies my number is just imprudent. I'm done being someone's product if I can help it.
GitHub users are technically competent to handle client-side browser certificates.
The de facto standard of HTML form based passwords has always been a hack. Give browsers a user friendly interface to handle client-side certs, plus synchronisation between a user's devices, and passwords, phone codes, all that bullshit can go away.
Yeah, usually factor one = something you know, factor two = something you have. You need to know your username, password, other identifying information; you need to have a physical USB key, or the correct phone to receive a login code on, or a properly associated token generator. If your bank is like mine then login is one factor but adding a new account payee requires the second factor of a card reader and debit card.
Multiple pass-phrases is just an attempt to prevent you from using the same password as everywhere else, I'm guessing as I type, and entering the 3rd, 9th and 6th characters is probably a protection against key loggers?
Too many people will have one complicated password that they've committed to memory, then use it everywhere.
One compromised site later, they're wide open to hackers online.
Better to have simpler passwords (But Not stupidly common ones) unique to each site.
Much better to use a password manager that stores the encrypted passwords on your own machine. Secure it with a complicated password committed to memory, and keep a hardcopy of all passwords somewhere safe, just in case something happens to your machine.
(Learned that last lesson the hard way, when the computer crashed mid backup, and managed to trash the backup as well as itself. Murphy is a bitch!)
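The reset GitHub performed is the defender's side of the reuse problem described in the comments above: given a credential list leaked from some other site, a service can test each leaked pair against its own salted password hashes and force a reset for every account that matches, before anyone else tries the same pairs. The block below is an added example written for this thread, not GitHub's code or anything from The Register; the accounts in `LOCAL_ACCOUNTS` and the pairs in `LEAKED_CREDENTIALS` are constructed sample data, and the function names are this example's own. It assumes the site stores PBKDF2-HMAC-SHA256 hashes with a random per-user salt, so the only way to test a leaked plaintext is to re-derive it under each matching user's salt.

```python
import hashlib
import hmac
import os

# Work factor for the demo; a production store would use a tuned memory-hard KDF (scrypt/Argon2).
ITERATIONS = 50_000

# Constructed sample data: three local users with their (plaintext) passwords at signup time.
LOCAL_ACCOUNTS = [
    ("alice@example.com", "correct horse battery staple"),
    ("bob@example.com", "Summer2016!"),
    ("carol@example.com", "a-different-one-for-this-site"),
]

# Constructed sample of a third-party dump: bob reused his password, carol did not,
# dave is not a user here at all, and the e-mail casing differs from our records.
LEAKED_CREDENTIALS = [
    ("Bob@Example.com", "Summer2016!"),
    ("carol@example.com", "Summer2016!"),
    ("dave@example.com", "hunter2"),
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash as stored in the user database."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user_db(accounts):
    """Build {email: (salt, hash)}; a fresh random salt per user means identical
    passwords produce different hashes, so leaked hashes can't be matched directly."""
    db = {}
    for email, password in accounts:
        salt = os.urandom(16)
        db[email.lower()] = (salt, hash_password(password, salt))
    return db


def find_reused_credentials(user_db, leaked):
    """Return the local accounts whose stored hash verifies against a leaked (email, password) pair.
    Only users present in the dump are tested, so the cost is one KDF call per overlapping account."""
    at_risk = set()
    for email, leaked_pw in leaked:
        record = user_db.get(email.strip().lower())
        if record is None:
            continue                              # not our user; nothing to compare against
        salt, stored = record
        if hmac.compare_digest(hash_password(leaked_pw, salt), stored):
            at_risk.add(email.strip().lower())
    return sorted(at_risk)


def demo():
    """Run the constructed scenario; the returned list is who gets a forced reset."""
    return find_reused_credentials(make_user_db(LOCAL_ACCOUNTS), LEAKED_CREDENTIALS)


if __name__ == "__main__":
    for email in demo():
        print(f"force password reset and revoke sessions: {email}")
```

The matching accounts should have their password invalidated and active sessions and tokens revoked, then be notified; the check itself never needs the leaked plaintext stored anywhere afterwards. Accounts that do not match are not proven safe, only not exposed by this particular dump, which is why the unique-password-per-site advice above still applies to them.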