by mnm1 3306 days ago
'Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services, arguing that they are the digital equivalent to an organization putting all of its eggs in one basket.'

So it's better if that single point of failure the company puts all its eggs into is a hacked piece of shit by an engineer who couldn't build a secure login system if his life depended on it? This is a serious question and one that I've been struggling with at my current work and at every other job I've had in this industry without exaggeration. Plaintext passwords, passwords encrypted with an easily obtainable key, insecure hashes, no salts, etc. These things are the norm in DIY login schemes. This is what the quoted financial fraud analyst thinks is better and Krebs thinks is worth repeating? This should be the main point of discussion here, yet it's brushed off by the advice of a financial fraud analyst? Oh, our industry is fucked and I just lost a ton of respect for Krebs' reporting.

1 comment
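The "no salt" DIY scheme the comment lists, shown beside a per-user-salted PBKDF2 scheme with a constant-time check, as an added example that is not from this thread; the iteration count and the `pbkdf2_sha256$...` record format are assumptions, not any particular product's:

```python
# Added example (not from the HN thread): an unsalted single-pass hash, as in the
# DIY schemes the commenter describes, beside a salted PBKDF2 record. The point it
# makes concrete: without a salt, two users with the same password get the same
# stored record, so one cracked record cracks every account that shares it.
import hashlib
import hmac
import os
from typing import Callable, Optional

ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor; assumed, tune for real use

# --- Weak DIY scheme: unsalted, single-pass, fast hash ----------------------
def weak_store(password: str) -> str:
    """Stores hex(sha256(password)); identical passwords -> identical records."""
    return hashlib.sha256(password.encode()).hexdigest()

def weak_verify(password: str, stored: str) -> bool:
    return weak_store(password) == stored  # plain == is also not constant-time

# --- Hardened scheme: random per-user salt, slow KDF, constant-time compare ---
def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    """Returns 'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>' (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: refuse rather than guess
    _, iters, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_password_detectable(store: Callable[[str], str]) -> bool:
    """True if two users with the same password produce identical records."""
    return store("hunter2") == store("hunter2")

if __name__ == "__main__":
    print("unsalted scheme reveals shared passwords:", shared_password_detectable(weak_store))
    print("salted scheme reveals shared passwords:  ", shared_password_detectable(strong_store))
```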

There are services companies can use as well that offer on-prem, integrated login solutions, not just DIY.