My takeaway from this aspect: while @duosec MFA itself was not breached, login/identity/session tokens should really be signed with asymmetric (private) keys, and not symmetric (secret) ones. Even for 1:1 service connections, their trust relationship is usually not symmetric. @schneierblog/1338960156927774720
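The point above in runnable form, as an added example that is not part of the original tweet: with an HMAC-signed token, the secret a service needs in order to verify is the same secret that issues, whereas with Ed25519 the verifying service holds only a public key. The `Token` layout, the function names and the sample claims are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token is a constructed layout for this example: claims plus a tag or signature over them.
type Token struct {
	Claims string
	Sig    []byte
}

// Symmetric: issuing and verifying take the same secret, so every verifier can also issue.
func IssueHMAC(secret []byte, claims string) Token {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(claims))
	return Token{claims, m.Sum(nil)}
}

func VerifyHMAC(secret []byte, t Token) bool {
	return hmac.Equal(t.Sig, IssueHMAC(secret, t.Claims).Sig)
}

// Asymmetric: issuing needs the private key; a verifier is handed only the public key.
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func IssueEd25519(priv ed25519.PrivateKey, claims string) Token {
	return Token{claims, ed25519.Sign(priv, []byte(claims))}
}

func VerifyEd25519(pub ed25519.PublicKey, t Token) bool {
	return ed25519.Verify(pub, []byte(t.Claims), t.Sig)
}

func main() {
	pub, priv := NewIssuerKey()
	secret, c := []byte("constructed-demo-secret"), `{"sub":"alice","mfa":"passed"}` // constructed values
	fmt.Println("HMAC token built with the verifier's own secret accepted:", VerifyHMAC(secret, IssueHMAC(secret, c)))
	fmt.Println("Ed25519 signature reused on other claims accepted:", VerifyEd25519(pub, Token{"{}", IssueEd25519(priv, c).Sig}))
}
```

In the asymmetric case, only the issuer's private key has to be protected and rotated after an incident; the services that verify tokens hold nothing that can produce one.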