The thing I don't like is most 2FA token generators. Ultimately you need to transfer the polynomial that generates the code. Most do that with a QR image. Well so much for security! Others have a one-time emergency code. Of course we are talking evil maid attacks, which granted is an unacceptable
"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"
Again, since it's just me, this is do-able. But I'm looking for something
practical as well.
I'm getting the feeling that people don't have an MFA implementation.
"if the users are sufficientl
* Tyler Montney:
> Since this is getting increasingly complicated, I wanted to ask before
> going further. What do you all do? Any recommendations?
Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) passwords which are used only once (!) and kept
either
It seems to me that OAuth weakens security. You allow some other system into your system. Are you running your own email server? I see you are using Gmail for the listserv. If you run your own server there are other steps I would take first other than MFA, though MFA would be the best. Geofencing a
With the world of ransomware as it is today (aka attacks seem more vicious
and commonplace), anything I expose to WAN must have additional protection.
I've seen a few posts to this list on it. The only thing that helped was
that Dovecot supports OAuth. Through OAuth I figure I could implement MFA.