South Africa On Lockdown - Coronavirus - Update!
Hi,
In my experience, YubiKeys are not very secure. I know of someone in my team who would generate a few hundred tokens during a meeting and save the output in a text file. Then they'd have a small Python script which was triggered by a hotkey on my MacBook to push "keyboard" input. They did this because the org they were working for would make you use YubiKey auth for pretty much everything, including updating a simple internal Jira ticket.
Thanks,
Sabri
----- On Mar 23, 2020, at 1:26 PM, Eric Tykwinski <eric-list at truenet.com> wrote:
> I've already been playing with YubiKeys, but sadly Google Titan wouldn't work
> with Windows Hello.
> Might be something I was doing wrong...
> Sincerely,
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>> On Mar 23, 2020, at 4:21 PM, Peter Beckman <beckman at angryox.com> wrote:
>> Software-based TOTP offers more security than no one-time passwords, but
>> admittedly less than the physical tokens. Google Authenticator, Authy,
>> 1Password, LastPass all support TOTP.
>> On Mon, 23 Mar 2020, Alexandre Petrescu wrote:
>>> I don't know where people are on supporting VPN and one-time passwords on
>>> tokens.
>>> At my work place a few people don't have tokens (OTP - One Time Passwords). The
>>> reserve of these tokens has been exhausted. New ones are on order. Until
>>> then some people can't get on VPN.
>>> Some people forgot their token on their desk and had to travel to office to
>>> get it, a thing not good to do to go to office now.
>>> Some (not sure) might have issues with syncing these devices. An OTP token has a
>>> certain skew about clock, and a battery that lasts long. Hopefully, one's token
>>> has been synchronised recently and the battery is new. The length of time one
>>> can't go to office might be anywhere between 21 days (announced) and 2 months
>>> (experience e.g. in Wuhan still closed). Sometimes the syncing of clock can be
>>> performed remotely, and some 'coin' batteries can be replaced by the person
>>> with skill and tools, could be extracted from a quartz watch for example.
>>> An OTP device can be of many kinds. Some people keep OTPs on paper (I did some
>>> time ago). Some OTP devices are like Japanese 'Tamagotchi' format, others like a
>>> credit card format.
>>> Alex, LF/HF 3
>>> On 23/03/2020 at 20:47, Mark Tinka wrote:
>>>> On 23/Mar/20 21:20, Peter Beckman wrote:
>>>>> But also:
>>>>> "The categories of people who will be exempted from this lockdown
>>>>> are... those involved in the production, distribution and supply
>>>>> of... telecommunications services"
>>>>> https://www.cnbcafrica.com/news/2020/03/23/breaking-nationwide-lockdown-announced-in-south-africa/
>>>>> I think most anyone on this list could be considered exempt.
>>>>> I do hope the same will be true should our respective local and national
>>>>> governments take similar action.
>>>> Yes, a number of "essential services" have been identified as needing to
>>>> continue to operate under special dispensation during the lockdown, and
>>>> telecoms falls within that.
>>>> The details of the implementation of the dispensation may be nuanced.
>>>> Experience will tell us more in the coming days.
>>>> Mark.
>> ---------------------------------------------------------------------------
>> Peter Beckman Internet Guy
>> beckman at angryox.com http://www.angryox.com/
>> ---------------------------------------------------------------------------