Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
Old 06-16-2021, 02:08 PM   #21
GoinAllTheWay
Franchise Player
 
GoinAllTheWay's Avatar
 
Join Date: Apr 2003
Location: Not sure
Exp:
Default
Quote:
Originally Posted by photon View Post
If I get a hardware key I think I'd want to get a 2nd key as a backup, so will be the same question.

I don't have a bolted down safe in my house, but that's an option. Are safety deposit boxes still a thing?
Getting a 2nd hardware key is strongly recommended on the yubikey website and for the price of them, a no brainer.

Safety deposit boxes very much still a thing. That's a great idea. I think you'd want to treat keys the same as backups. One local and one offsite. Although I have no idea what the cost is for a SDB, the small ones can't be much.

**edit**

just looked up pricing (RBC), they range anywhere from $60 to $500 annually.
Last edited by GoinAllTheWay; 06-16-2021 at 02:11 PM.
GoinAllTheWay is offline   Reply With Quote
The Following User Says Thank You to GoinAllTheWay For This Useful Post:
Old 06-17-2021, 10:23 AM   #22
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default
If you have an iPhone you can backup your authenticator to icloud. This helps if you are switching phones. The most common cases of losing authenticator access is when you buy a new phone.
Hack&Lube is offline   Reply With Quote
Old 06-17-2021, 10:26 AM   #23
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default
Quote:
Originally Posted by GoinAllTheWay View Post
Well that's interesting.....we currently RDP into work through a VPN but no MFA. I should bring this up ASAP. I assume that's the MS Authenticator you use for that? Is that an app or hardware based?
Yes, someone who has compromised an internal employee password can then jump straight into the internal corporate network unless VPN is protected by MFA or zoned off.

There are lists of employee passwords on the dark web and employee passwords can be easily compromised by simple email phishing attempts or by weak passwords. I don't know what your work password policy is but over a decade I have seen everybody us Spring2021, Summer2021, etc. style passwords for everything due to the quarterly password expiry.
Hack&Lube is offline   Reply With Quote
Old 06-17-2021, 12:58 PM   #24
GoinAllTheWay
Franchise Player
 
GoinAllTheWay's Avatar
 
Join Date: Apr 2003
Location: Not sure
Exp:
Default
Quote:
Originally Posted by Hack&Lube View Post
I don't know what your work password policy is but over a decade I have seen everybody us Spring2021, Summer2021, etc. style passwords for everything due to the quarterly password expiry.
Ya, those drive me nuts. My personal PW peeve is when people then write it down on a post-it note and stick it on their monitor

I did a ton of reading last night on authenticator apps. Isn't the idea behind backing up the codes for various sites you are using the authenticator on a bad idea? I get the importance of the backup codes but how is backing them on to the cloud protected? Seems like a pretty big hole to me.
GoinAllTheWay is offline   Reply With Quote
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 05:01 AM.
Calgary Flames
2023-24



Contact Us - Calgarypuck Forums - Unofficial Calgary Flames Community - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright Calgarypuck 2021