login_security
Booklordofthedings edited this page 2025-07-04 14:09:05 +02:00

Login Security

It's very important to secure logins. There are several factors that determine how a login should be secured.

Factors

  • Know: (Password/Pin)

    • Cannot be forcefully revealed
    • Can be phished
    • Tradeoff between security and ease of use (Passwords that are easy to type and remember are insecure)
  • Has: (Biometrics)

    • Can be forced
    • Cannot be lost
    • Limited usage
  • Owns: (Yubikey, Phone)

    • Can be forced
    • Can be lost
    • Difficult to phish / phishing resistant
  • Has Access to (Password manager, login with)

    • As secure as the service used to login
    • Phishing resistant

Implications

Locally airgapped:
	Type: Passwords, Data Backup
	Security: Know
	Reasons:
		Locally airgapped data can only be accessed physically, aka feds;
		anything that isn't knowledge based can be forced or requires an internet connection.
		This is why only encrypted VeraCrypt containers with passwords should/can be used for this
		type of security.
		This also includes the backup codes for other services.

Local electronic device:
	Type: Phone, Laptop, Desktop
	Security: Know || Has
	Reasons:
		This is one of the cases where password complexity becomes a problem.
		I need to log in very frequently and having to type a long password is very annoying.
		The go-to solution is to use biometrics, which also kind of makes the devices vulnerable.
		Also the device itself is hackable remotely, even if I do my best not to let that happen.
		The main solution is to minimize content on those devices and to use full disk encryption
		when possible. So if the device gets shut down it takes a long password to open,
		but when it's already on it is quicker to unlock.

High Agency Accounts:
	Type: Password manager, Mail, Serverhost
	Security: Know && Owns || Owns && Access
	Reasons:
		These accounts should be as phishing resistant as possible.
		Having everything in the password manager is technically only a single factor,
		which is a problem in the case it gets hacked. Using YubiKeys makes them phishing
		resistant, and storing the backup codes in a locally airgapped system helps.
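As an added example (not part of this wiki page), a small model that encodes the factor properties from the "Factors" list and evaluates the three "Security:" expressions above as policies; the threat names, the rule that an AND-group holds if any of its factors resists a threat, and the rule that OR-alternatives hold only if every path does, are assumptions made for illustration.

```python
# Added example, not from the wiki page: a model of the "Factors" properties
# and the per-tier "Security:" policy expressions. Threat names and the
# evaluation rules are assumptions for illustration.

# Threats a factor resists, per the page's bullets (unstated = not resisted).
RESISTS = {
    "know":   {"coercion"},   # cannot be forcefully revealed; can be phished
    "has":    {"loss"},       # cannot be lost; can be forced
    "owns":   {"phishing"},   # phishing resistant; can be forced or lost
    "access": {"phishing"},   # phishing resistant; as secure as the service
}
THREATS = ("coercion", "phishing", "loss")


def parse_policy(expr):
    """Parse 'Know && Owns || Owns && Access' into a list of AND-groups.

    Each AND-group is a frozenset of factors that must all be presented;
    the groups are alternative login paths (OR). Case-insensitive.
    """
    return [frozenset(f.strip().lower() for f in group.split("&&"))
            for group in expr.split("||")]


def path_resists(path, threat):
    # All factors of an AND-group are required, so the attacker must defeat
    # every one of them; the path holds if any single factor resists.
    return any(threat in RESISTS[f] for f in path)


def policy_resists(expr, threat):
    # Alternative paths are OR'ed: the attacker only needs the weakest path,
    # so the login holds only if every path resists the threat.
    return all(path_resists(p, threat) for p in parse_policy(expr))


def surviving_threats(expr):
    """Return the set of threats a policy expression still resists."""
    return {t for t in THREATS if policy_resists(expr, t)}


TIERS = {
    "Locally airgapped": "Know",
    "Local electronic device": "Know || Has",
    "High agency accounts": "Know && Owns || Owns && Access",
}

if __name__ == "__main__":
    for name, expr in TIERS.items():
        print(f"{name:24} {expr:32} resists: {sorted(surviving_threats(expr))}")
```

Running it shows the trade-off the page describes: adding biometrics as an alternative to the device password removes the coercion resistance the password alone gave, and the high agency policy keeps phishing resistance on every path but not coercion resistance, because the Owns && Access path has no knowledge factor.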