Date: 2019-07-29 10:19 am (UTC)
From: [personal profile] drplokta
Banks shouldn’t even be using SMS messages to authenticate users — the NIST in the US recommended against that in guidelines issued three years ago. It’s too easy to hijack someone’s mobile number. They should be freezing out everyone who doesn’t have a smartphone that can run an authenticator app (or a dedicated authentication device, which the banks should be sending to customers without smartphones).

Date: 2019-07-29 10:25 am (UTC)
From: [personal profile] drplokta
These days it should be OATH (which includes TOTP as a subset).

Date: 2019-07-29 10:45 am (UTC)
From: [personal profile] channelpenguin
Do you mean OAuth? https://en.wikipedia.org/wiki/OAuth
Edited Date: 2019-07-29 10:46 am (UTC)

Date: 2019-07-29 11:13 am (UTC)
From: [personal profile] channelpenguin
I am a tad confused as to whether OAuth is an implementation of OATH or not: "OAuth is also distinct from OATH, which is a reference architecture for authentication, not a standard for authorization."

Frankly I loathe having to do with authentication, but it is EXACTLY what I am working on right now, making our backend automatically use refresh tokens as appropriate (or maybe inappropriate - I wish I knew enough to say for certain in this particular case...)

Date: 2019-07-29 11:26 am (UTC)
From: [personal profile] drplokta
No, I mean the unrelated (other than that they both concern authentication) OATH.

Page generated Jun. 16th, 2025 12:06 am
Powered by Dreamwidth Studios