June 18, 2019 at 12:00 am
Comments posted to this topic are about the item Segments for Protection
June 18, 2019 at 12:06 pm
For logins I'd like to see tools for the users to see if their account has been logged in recently and the locations of their logins.
412-977-3526 call/text
June 18, 2019 at 1:39 pm
If your organization uses Azure Active Directory, then maybe it's visible to you somewhere in the portal. For personal Microsoft Live accounts, there is a Recent Activity feature where you can see device ID / location / datetime from where your login was used. These two types of account use the same platform but I think work differently, at least by default. Maybe ask your system administrator.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
June 18, 2019 at 1:45 pm
My concern is more for the hundreds of accounts I rarely log into but have been created so I can access a feature or a benefit of an account.
I'd also like to have read only credentials that I could use to access my accounts when I don't need to do transactions, i.e. look up a credit card balance or charge.
412-977-3526 call/text
June 18, 2019 at 3:26 pm
In most places where I've worked, to access some of the more important production database servers, even as a sysadmin, it is required to login to a MFA protected VPN and then RDP into a gateway server or VM. I never considered it an inconvenience. But it's good not only for security, it's also good from a disaster recovery perspective, because if I lose for forget my laptop, I can always login via VPN to the secure production gateway from any PC and have all the tools and connectivity required to get essential tasks done.
Our work laptops, the surface area where all of our web browsing, email, and development occurs, we should considered these things as un-trusted thin clients.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
June 18, 2019 at 3:39 pm
MFA = Multi Factor Authentication?
412-977-3526 call/text
June 18, 2019 at 4:25 pm
MFA - Multi factor.
Having read only access is good, but having a read only account is hard. Then I have doubled my attack area, as well as increased the demand on software developers to ensure features are checking for read access. I don't know that we'll get existing software enhanced unless a system is of high enough use that we worry about scale out. In that case, having a read intent specified in every action makes sense.
That doesn't help security, as we often can still have access for read/write. In the case where accounts get compromised, having a second account, with perhaps a related password or the one compromised, means we still have issues. The bigger point is that most of the time we allow too much direct access to systems.
June 18, 2019 at 6:23 pm
It would also be nice if they could tell me when I create an account how long it will remain active.
Should I be able to force a renewal annually?
412-977-3526 call/text
June 19, 2019 at 6:34 pm
It would also be nice if they could tell me when I create an account how long it will remain active. Should I be able to force a renewal annually?
That is interesting. An expiration date. Really, what I'd like is a lock if some account isn't used in a long time. Let's say 200 days. If there is a login, then renew the account automatically. If it's in use, I wouldn't want any expiration.
If it expires, just lock it. Never remove it.
June 20, 2019 at 3:56 pm
This was removed by the editor as SPAM
June 20, 2019 at 4:57 pm
This was removed by the editor as SPAM
June 20, 2019 at 5:00 pm
I have over 250 logins I track.
I posted the list of sites here: https://sterbalssundrystudies.miraheze.org/wiki/Logins_I_track (the list was considered spam as part of my comment)
June 25, 2019 at 5:40 pm
It's probably not a good idea to post a list of all the websites where you have a login.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
June 25, 2019 at 5:43 pm
It would also be nice if they could tell me when I create an account how long it will remain active. Should I be able to force a renewal annually?
If a website leverages a 3rd party login provider like Microsoft or Google, then you get multi-factor authentication, centralized ID management, login history, etc. Maybe that's what you're asking for.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply