samthegeek’s avatarsamthegeek’s Twitter Archive—№ 57,350

      1. So uh. You should probably have IT do a video call with an employee + their manager to reset MFA tokens. Yes, all of the employees who lose their MFA. josephfcox/1403339739852279814
        Permalink On twitter.com Twitter logo samthegeek’s avatar ❤️ 1 Favorite Mood +1 🙂
    1. …in reply to @SamTheGeek
      You can’t (yet) do a real-time deepfake, and any in-band verification you have to assume is compromised. Company directory that lets you update your own photo? Or an HR team that is trusting of whatever emailed photos they get? Not usable.
      Permalink On twitter.com Twitter logo samthegeek’s avatar Mood 0
  1. …in reply to @SamTheGeek
    You especially need to have the manager on the call — or someone who *you trust* who has seen the user’s face before. People will make a fake ID to get into your company’s systems. They’re cheap!
    On twitter.com Twitter logo samthegeek’s avatar Mood -2 🙁