undefined | Better HN

0 pointssoheil4y ago0 comments

This looks much more like showmanship than actually improving security. Again I'm not saying security is not improved. Now there are people who are happy they set standards for others to follow and IT managers who can show off to their bosses that they're following security standards like ISO27001 and SOC2. SOC2 standard is set by AICPA, the last A stands for Accountants. Of all people.

0 comments

1 comments · 1 top-level

dboreham4y ago

Certainly there's plenty of hype and herd behavior in this industry, but underlying this is a simple desire: don't allow users to give their passwords to a third party. Or rather, they can do that but the third party won't be able to authenticate because they don't have the smart card or 2FA dongle.

Often there is a requirement in commercial contracts requiring adherence to certain security standards. An example of such a contract is liability insurance.

j / k navigate · click thread line to collapse