Album on lemmy.ca, beehaw.org, shit.itjust.works & lemmy.world

Cake day: Jun 07, 2023


Yeah honestly I might go really light on some of these topics in the model like just defining them and then doing like an RCSA afterwards.


Threat modeling is cool and all but does nothing to assess whether or not you’re managing your risks effectively. But it will help you to understand your risks and what to focus on.


Yeah, that’s basically right. With an opening line like mine (a formula), we’re basically dealing in typical Reddit/Lemmy pedanticism.

I (somewhat ironically now) specifically chose the words MFA over 2FA when saying “mfa-1” so as to be most encompassing from the get-go, because yes:

  • the truest definition of MFA is >=2
  • there are cases where the factors are multiple things you have and/or are (like private keys and passkeys, and biometrics)

I do agree the 1st factor in a situation where it’s multiple factors is generally, and by common practice, something you know.


MFA is not necessarily only 2 factors and single factor is not necessarily a password.



It’s all dependent on what you’re doing and how. Like if you use Facebook you’re fingerprinted to the tits.

The granularity depends on examples like that.

But something a bit more benign and not as granular would be fingerprinting you based on the timezone your browser offers up. It’s not as basic as like “-7 GMT” since the ISO list can go down to the state and/or country. So if in your OS you picked “America/Houston”, a lot of browsers will pony that up without hesitation.

How many more bits of data until you know what city I’m in, street I’m on, etc.? And there’s tons of ways to derive that data over time.

https://browserleaks.com/ is an interesting example that can show all the bits of data your browser can give up.

And of course you can lock lots down given the right tools.


Web location tracking has not been fully based on IP registration data for quite some time.


Yes and 100% isn’t 100%

People and their batteries though… It’s a futile obsession for some. It doesn’t matter how much science or logic you throw at them there’s always something.

Like how fast charging hasn’t, for some time, done like a full max rate for the entire time, to keep heat within tolerances, but still some people think doing the work themselves is somehow better thermal management than modern battery controllers, to the point they think it will make a material difference.