• Luci@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    1 year ago

    A username is something you are. It’s you! You are 0xD.
    A password is something you know. A security key is something you have.

    When we interview security analysts you don’t get past the first round if you disagree.

    • feddylemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      If your interview involves telling me a username is “something you are” rather than “something you know”, I’m running away from that job as fast as I can.

      • Luci@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        5
        ·
        1 year ago

        Other people know your username.

        How hard is this?

        • Blueteamsecguy@infosec.pub
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          I guarantee you I know thousands of people’s passwords as well, I just don’t know the username associated.

        • sirfancy@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          3
          ·
          1 year ago

          By this same logic, other people could know your fingerprint since it’s “something you are”. No, other people cannot know your fingerprint. It’s a complex mathematical equation to a computer. This is such a terrible take.

          Source: CASP+ certified.

    • 0xD@infosec.pub
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      No, this username is one of the names I’ve chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that’s too much work. Just imagine me having done that and think about what you just wrote.

      I would be vary of the people agreeing with you on something so basic yet so wrong.

      An authentication factor is a unique identifier that shows that you possess something that others don’t. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren’t). And a password is something you know because… Bla bla bla.

      To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.