undefined | Better HN

0 pointsbigmac8y ago0 comments

Folks need to worry about being able to protect more than just passwords. Engineers should be doing a good job of protecting SSNs, phone numbers, home addresses, etc. Crypto-anchoring can help for the general case of protecting sensitive information, not just passwords. `select *` shouldn't give anything in your infrastructure bulk access to sensitive information. The 'cryptographic' thing here is per-record encryption.

0 comments

tptacek8y ago

I think tokenizing services are a very good idea in general. I just think there are easier and more effective ways to handle the AuthN problem.

j / k navigate · click thread line to collapse

0 comments

tptacek8y ago

I think tokenizing services are a very good idea in general. I just think there are easier and more effective ways to handle the AuthN problem.

j / k navigate · click thread line to collapse