[E-trademarks] User verification suddenly required despite being securely logged into MyUSPTO
Carl Oppedahl
carl at oppedahl.com
Thu Apr 18 19:04:13 EDT 2024
On 4/18/2024 4:19 PM, Richard Schafer via E-trademarks wrote:
> But at my previous law firm, the chief security officer had (and I
> think still has) a firm rule prohibiting the use of password manager
> software as unsafe because of the risk that someone might be able to
> break the password vault maintained by the software. I vigorously
> disagreed, citing NIST and others, but was unable to convince him. I
> don’t know how widespread that opinion is.
Keep in mind that LastPass got compromised. That was what forced me to
migrate away from LastPass. Now I am using Bitwarden. The person in
charge of security is not wrong to give thought to this.

I have decided that the way to go is this. First, turn on 2FA on every
site that I care about to the slightest extent.

Second, don't entrust the 2FA to the same manager as the one to which I
entrust the passwords. (Bitwarden offers to do both tasks and I
actively chose not to say "yes" to that.)

I entrust my 2FA secrets to WinAuth.