Fixing C's Biggest Mistake
Walter Bright
newshound2 at digitalmars.com
Wed Jan 11 23:39:50 UTC 2023
On 1/11/2023 5:35 AM, Don Allen wrote:
> 1. Steal your password
> 2. Produce the "secret key", which they won't be able to
> 3. Get past 2FA, which they won't be able to
Those are all good things. But it doesn't help you if you download a trojan
version of the manager, or a trojan masquerading as an update. I've also seen
several schemes that outmaneuver 2FA.

Allow me to explain the framing. At Boeing, it was never "that part cannot
fail". It is always framed as "when that part fails, how do we land safely?"

So, *when* your password manager fails, what are you going to do about it?

I'm not singling you out, I'm trying to make a point. Far too many software
developers develop a hubris that they can write software that cannot fail.
Unfortunately, usually someone else is going to have to pay for that mistake.