Can passwordless logins ever exist outside of web applications?
CISO in Software, 51 - 200 employees
Even with YubiKeys, etc., it's like RSA all over again: I used to have boxes of RSA tokens because everybody kept losing them and we were constantly reassigning tokens. So I see that happening with YubiKey as well and other hard code vendors like that.Director of IT in Software, 10,001+ employees
FaceID and TouchID without a password fallback should be possible now with technology. Its always the edge cases that warrants the password as a fallback.Content you might like
crowd strike38%
sentinel one56%
carbon black5%
cynet0%
39 PARTICIPANTS
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%
No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.53%
No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%
I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%
349 PARTICIPANTS
Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
You need to tell people what to expect and what not to expect from IT. We’ve tried to train people to expect that IT will do certain things or make requests which are okay to comply with, but IT will never call you out of ...read more
@Dan Would like to know more about the broken 2FA on the phone assuming that does not use SMS.
SMS, Keys, etc... any of those can physically stolen and/or cloned. The bottom line is no 2FA is bulletproof... but it still does SIGNIFICANTLY increase security, as it increases the risk (of getting caught) and difficulty of the attack (e.g. proximity to the target, stealing something physical all increase the likelihood of getting caught).
So just saying that 2FA is definitely worth the increase in security, however have no illusion that it is bulletproof and can 100% prevent fraud. Know the limitations of your technology, know you're enemy, and know thyself.