A simple password or a pin code does mitigate quick attacks of opportunity using... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		PeterisP on Feb 19, 2020 \| parent \| context \| favorite \| on: Pen Testing Ships. A year in review A simple password or a pin code does mitigate quick attacks of opportunity using lost or stolen physical factor; and adds non-repudiation if someone uses someone else's token - you can't just say "oh we must have accidentally swapped our cards at lunch" if you had to enter their pin as well.

yencabulator on Feb 27, 2020 | [–]

Serious question: How often do such employees/contractors claim to have accidentally swapped keys at lunch?

freeone3000 on Feb 20, 2020 | [–]

Given the existing password hygiene, I think it's more likely that any new PIN or password would be treated in the same manner as the existing ones, and would just be an additional hassle.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact