Internal Twitter Credentials Used in DNS Hack, Redirect (opens in new tab)

(wired.com)

9 pointssteve___16y ago6 comments

6 comments

5 comments · 2 top-level

jbyers16y ago· 3 in thread

Three little words I want to hear from every one of our service providers in 2010:

Multi-Factor Authentication

(We're a Dynect customer too.)

thaumaturgy16y ago

I'm not a tremendous fan of multi-factor authentication yet. The idea is nice, but really it just adds a second password to the mix, and if the person can't get one password right...

My bank for example uses multi-factor authentication. Two of the three possible initial questions ask for a color. Let's see ... black, blue, yellow, green, red...

mtrichardson16y ago

That's not multi-factor authentication.

True multi-factor authentication involves a combination of something you know (eg, your password), something you have (your phone, a fob, etc.) and something you are (generally biometric things, which for obvious reasons haven't picked up too much).

Multiple security questions are just additional things-you-know, and as such, aren't multifactor.

1 more reply

ams611016y ago

Multi-Factor as I usually understand it is based, ideally, on "something you have" (e.g. an RSA token, your fingerprint, etc) and "something you know" (a password/passphrase).

Your example sounds like two "something you know" factors, which is really just a more complex password.

wendroid16y ago

perhaps the twitter employee that used "password" as his admin password forgot to change it on all his websites

j / k navigate · click thread line to collapse