Internal Twitter Credentials Used in DNS Hack, Redirect (wired.com)
9 points by steve___ on Dec 18, 2009 | 6 comments



Three little words I want to hear from every one of our service providers in 2010:

Multi-Factor Authentication

(We're a Dynect customer too.)


I'm not a tremendous fan of multi-factor authentication yet. The idea is nice, but really it just adds a second password to the mix, and if the person can't get one password right...

My bank, for example, uses multi-factor authentication. Two of the three possible initial questions ask for a color. Let's see ... black, blue, yellow, green, red...


That's not multi-factor authentication.

True multi-factor authentication involves a combination of something you know (e.g., your password), something you have (your phone, a fob, etc.) and something you are (generally biometric things, which for obvious reasons haven't picked up too much).

Multiple security questions are just additional things-you-know, and as such, aren't multifactor.


Ah, thanks, you're right.

My bank's website specifically calls it "multi-factor authentication", and I never bothered to double-check the term.


Multi-Factor as I usually understand it is based, ideally, on "something you have" (e.g. an RSA token, your fingerprint, etc.) and "something you know" (a password/passphrase).

Your example sounds like two "something you know" factors, which is really just a more complex password.


Perhaps the Twitter employee that used "password" as his admin password forgot to change it on all his websites.



