this post was submitted on 26 Jun 2024
298 points (95.7% liked)

Cybersecurity - Memes

1964 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
298
If only it was that easy (i.imgur.com)
submitted 4 months ago by TehBamski@lemmy.world to c/cybersecuritymemes@lemmy.world
52 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] boredsquirrel@slrpnk.net 3 points 4 months ago (1 children)

Btw with TOTP the server has your secret credentials too, pretty crazy.

[–] jj4211@lemmy.world 6 points 4 months ago (1 children)

Yes, shared secret based, but not a big deal because it is machine generated and unique per account. The 'server has your credential' is only a problem if the credential is reused across services. If you have access to read TOTP secrets from the server, you probably don't need those TOTP secrets to further compromise the service.

But webauthn/passkey is a better approach. Properly managed SSH keys are good too, but folks aren't too happy about how ssh keys are commonly pretty lax. Client certificates similarly would have worked, but never took off. Similar story for smartcards.

[–] boredsquirrel@slrpnk.net 1 points 4 months ago* (last edited 4 months ago)

I am in the process of buying a Nitrokey 3 Mini!

Gonna test some stuff, like Secure Element LUKS encryption on my old Thinkpad