• 0xD@infosec.pub
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    edit-2
    1 year ago

    A username is not something “you are”, it’s something “you know”. Biometrics are not nearly the same as usernames.

    • Luci@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      4
      ·
      1 year ago

      A username is something you are. It’s you! You are 0xD.
      A password is something you know. A security key is something you have.

      When we interview security analysts you don’t get past the first round if you disagree.

      • feddylemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        If your interview involves telling me a username is “something you are” rather than “something you know”, I’m running away from that job as fast as I can.

        • Luci@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          5
          ·
          1 year ago

          Other people know your username.

          How hard is this?

          • Blueteamsecguy@infosec.pub
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            I guarantee you I know thousands of people’s passwords as well, I just don’t know the username associated.

          • sirfancy@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            By this same logic, other people could know your fingerprint since it’s “something you are”. No, other people cannot know your fingerprint. It’s a complex mathematical equation to a computer. This is such a terrible take.

            Source: CASP+ certified.

      • 0xD@infosec.pub
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        No, this username is one of the names I’ve chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that’s too much work. Just imagine me having done that and think about what you just wrote.

        I would be vary of the people agreeing with you on something so basic yet so wrong.

        An authentication factor is a unique identifier that shows that you possess something that others don’t. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren’t). And a password is something you know because… Bla bla bla.

        To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.