"Use strong (as in long and/or randomised and impossible to break using rainbow table attacks) passwords"
Again, since it's just me, this is doable. But I'm looking for something practical as well. I'm getting the feeling that people don't have an MFA implementation.
"if the users are sufficiently disciplined"
As a sysadmin, I can tell you they genuinely are not, and they likely never will be. Hope for the best, plan for the worst.
I also want to clarify that I'm not rejecting any of these suggestions; they're all good.
On Sat, Nov 13, 2021 at 4:42 PM Ralph Seichter ralph@ml.seichter.de wrote:
- Tyler Montney:
Since this is getting increasingly complicated, I wanted to ask before going further. What do you all do? Any recommendations?
Use strong (as in long and/or randomised and impossible to break using rainbow table attacks) passwords which are used only once (!) and kept either in the user's brain or in an encrypted password store. Ensure that authentication data can only be transmitted over encrypted connections.
These measures cover a lot of ground, if the users are sufficiently disciplined. Users are usually the weakest link.
-Ralph
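Ralph's advice above (long randomised passwords, used once, stored only in an encrypted store, and resistant to rainbow tables) can be made concrete. The following is an added example, not code from this thread or from any list member; it generates a password with a CSPRNG, reports its entropy, and stores it as a per-user salted scrypt hash so that a precomputed (rainbow) table built for one salt is useless against every other user. The scrypt cost parameters (n=2**14, r=8, p=1) and the 16-byte salt length are assumptions chosen for the example, not values from the thread.

```python
import hashlib
import math
import secrets
import string
from typing import Optional

# Constructed alphabet for generated passwords: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24) -> str:
    """Return a password of `length` symbols drawn uniformly from ALPHABET via secrets (CSPRNG)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Hash with scrypt under a fresh random 16-byte salt (assumed size).

    The salt is stored alongside the hash; because each user gets a different
    salt, an attacker cannot reuse one precomputed table across accounts.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    n, r, p = 2 ** 14, 8, 1  # assumed cost parameters for the example (~16 MiB of memory)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex(), "n": n, "r": r, "p": p}


def verify_password(password: str, record: dict) -> bool:
    """Recompute scrypt with the stored salt and parameters; compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=record["n"],
        r=record["r"],
        p=record["p"],
        dklen=32,
    )
    return secrets.compare_digest(digest.hex(), record["hash"])


def same_password_different_hashes(password: str) -> bool:
    """Show why rainbow tables fail: two users with the same password get different stored hashes."""
    return hash_password(password)["hash"] != hash_password(password)["hash"]


if __name__ == "__main__":
    pw = generate_password(24)
    print(f"generated: {pw} ({entropy_bits(len(pw)):.1f} bits)")
    rec = hash_password(pw)
    print("stored record:", rec)
    print("verify correct:", verify_password(pw, rec))
    print("verify wrong:", verify_password(pw + "x", rec))
    print("same password, different hashes:", same_password_different_hashes("shared-secret"))
```

A 24-symbol password from this 94-symbol alphabet carries about 157 bits of entropy, far beyond what any precomputed table can cover; the per-user salt is what makes the stored hashes individually non-reusable, which is the property Ralph's "rainbow table" remark is about. The generated string would go into the user's encrypted password store, and only the salted hash would sit on the server.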