this post was submitted on 03 Jul 2024
113 points (91.9% liked)

Linux

48375 readers
1049 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 60 points 4 months ago (2 children)

If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}

Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.

[–] [email protected] 11 points 4 months ago

or reused ~~somewhere~~ everywhere ~~at some point~~ constantly

[–] [email protected] 8 points 4 months ago (1 children)

I agree with you. If i had to add my password everytime I’d just add my personal account to sudo group.

Good security works with people, not against them.

[–] [email protected] 3 points 4 months ago

SELinux has left the chat.