What year is it?
Not so long ago I saw one of the employees of the treasury department with a shitload of those keychains.
Sound about right for a government. No apps, just physical fobs.
It’s an insurance company.
Well, they have a security advantage. I know Google moved over to requiring a USB MFA key for their employees a few years ago, and saw a reduction in successful phishing attacks.
I would imagine one of these fobs is cheaper than a USB key. It also can work without being plugged into a computer, which is good.
Authenticator apps are nice and all, but are not going to provide as much security as one of these. Apps live on people’s phones, and especially if it’s a personal phone, you may not want to trust its security. If it’s stolen or hacked, your multi-factor authentication just got less secure.
If you don’t want personal devices in a building as well, these are useful.
Lots of reasons these are still totally good today!
It’s not good to repeat so many characters in a password. 069420 is much safer.
Unless someone was manually inputting these to try them out, wouldn’t it be all the same if it was repeating or not?
They are making a joke. These dongles usually have 6 random digits, but also a secret, e.g. prefix u need to put before the numbers to login. Otherwise a 6 digit number would never be save ish.
I know I was just thinking out loud that for automated random brute force
I used to have that same token. Thanks for reminding me about my old job.
Same, but fuck that government contractor clusterfuck.
Same but my current job…
Granted. They switched us all to the app instead of the hard token. Which is stupid. And they only allow the hard token for certain scenarios
Used to play a drinking game with coworkers and those tokens. We would pick high or low and whoever had said number on the roll over had to buy everyone a round of drinks.
That sounds great!
You can still do it with any TOTP app on your phone too!
That’s a good point - which of my 14 registrations should I pick, I wonder? 🤮
There was just something much nicer about the tangible decide that an all app can’t come close to
There’s an org in ireland called the RSA (road safety authority) and their logo is really similar to RSAs
You shouldn’t have posted that, I just hacked into your mainframe.
Put this one on my résumé
Hacker: “Heh, you fool. I’m in.”
