What do you think this is?

just thoughts of a restless mind...

Securing administrative access with MFA

Securing administrative access with MFA

Now that multi factor authentication is gaining ground I thought I would write a simple guide on how to secure administrative access with MFA on Linux systems. The solution is simple and based on Google Authenticator. The good thing with Google Authenticator is that it’s a typical TOTP/HOTP solution and as such does not require any internet connectivity on either the server or the client.
The configuration examples provided are more or less appropriate for openSUSE Leap 15 and Ubuntu 18.04 LTS

Read more ...

Tagged in : linux, security, access control, two-factor authentication

When multi-factor will not save you

When multi-factor will not save you

There is a lot of discussion lately about multi-factor authentication and how this will upgrade everyone’s security. Indeed, it is an improvement and it was about time we start becoming more conscious about the security issues related to authentication.
As usually though, these discussions generated a lot of confusing and “why it didn’t work” moments when we see cases such as Reddit’s hack in August of 2018.

Read more ...

Tagged in : security, social engineering, risk management, two-factor authentication