this post was submitted on 22 Nov 2023
499 points (98.6% liked)
Technology
59207 readers
2924 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A username is not something "you are", it's something "you know". Biometrics are not nearly the same as usernames.
A username is something you are. It's you! You are 0xD.
A password is something you know. A security key is something you have.
When we interview security analysts you don't get past the first round if you disagree.
If your interview involves telling me a username is "something you are" rather than "something you know", I'm running away from that job as fast as I can.
Other people know your username.
How hard is this?
I guarantee you I know thousands of people's passwords as well, I just don't know the username associated.
By this same logic, other people could know your fingerprint since it's "something you are". No, other people cannot know your fingerprint. It's a complex mathematical equation to a computer. This is such a terrible take.
Source: CASP+ certified.
No, this username is one of the names I've chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that's too much work. Just imagine me having done that and think about what you just wrote.
I would be vary of the people agreeing with you on something so basic yet so wrong.
An authentication factor is a unique identifier that shows that you possess something that others don't. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren't). And a password is something you know because... Bla bla bla.
To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.