Aaron Parecki

  • Blaine Cook https://twitter.com/blaine   •   Feb 12
    My company uses your company. I have one password, don't use a password manager, and can access every service I need to do my job, and I can do that extremely securely.
    Aaron Parecki
    That's exactly what I want, but across the whole internet, oh and maybe drop the password too 😅
    Portland, Oregon • 25°F
    Fri, Feb 12, 2021 7:12am -08:00
    9 replies
    • Blaine Cook twitter.com/blaine
      We don't need fancy new standards at this point [for most use-cases]. What we need are security-focused product and design folks to adopt the things that already exist, and have done for many years. But that means the infosec world pointing to the solutions and saying "use these"
      Fri, Feb 12, 2021 10:42pm +00:00 (via brid.gy)
    • Blaine Cook twitter.com/blaine
      For sure. Two things: 1. I still see lots of people say "password managers are enough", and I profoundly disagree and think that sentiment holds us back. 2. I've been doing this (casually) for ~14 years at this point and while there's been some progress, it's not nearly enough.
      Fri, Feb 12, 2021 10:41pm +00:00 (via brid.gy)
    • Nick Gamb twitter.com/NickCGamb
      This has been an interesting thread to follow for me. I have a question. What makes folks think that the security industry is not building solutions to these issues? We can create great new solutions all day long but we can't force product owners to adopt them.
      Fri, Feb 12, 2021 7:17pm +00:00 (via brid.gy)
    • Blaine Cook twitter.com/blaine
      Yes. As long as we don't try to fix wide-scale problems, people will be subject to those wide-scale problems. And I'm *not* suggesting that everyone use Okta, in case that wasn't clear.
      Fri, Feb 12, 2021 3:23pm +00:00 (via brid.gy)
    • Gus Andrews twitter.com/gusandrews
      But the likelihood is that most people won't be using Okta, won't just have one password, and will re-use their password. Using one password puts most people at ongoing risk, which for some people (human rights workers, domestic violence survivors) is more extreme than others.
      Fri, Feb 12, 2021 3:21pm +00:00 (via brid.gy)
    • Blaine Cook twitter.com/blaine
      Yes. 😉
      Fri, Feb 12, 2021 3:19pm +00:00 (via brid.gy)
    • Gus Andrews twitter.com/gusandrews
      you mean "one password" here, not "1password," right?
      Fri, Feb 12, 2021 3:16pm +00:00 (via brid.gy)
    • Blaine Cook twitter.com/blaine
      ... which is why my narrative is so harsh on infosec approaches and the people responsible for doing this stuff. We just have to *do* it.
      Fri, Feb 12, 2021 3:16pm +00:00 (via brid.gy)
    • Blaine Cook twitter.com/blaine
      😁 I am 100% okay with one password. It's actually way easier than 2FA or device-based auth (the battery in my phone sucks). I think this is achievable! Frankly, beyond using it every day, I built and deployed it 7 years ago. So I know it's achievable.
      Fri, Feb 12, 2021 3:15pm +00:00 (via brid.gy)
Posted in /replies using indigenous.abode.pub/ios

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.