
Computer security requires humans to do 500,000 things perfectly, and one slip-up means everything they did was worthless. It turns out, humans aren't perfect. The result is inevitable: there is no such thing as computer security.


On the one hand, yes.

On the other hand, a 15-month-old token that's still alive... that's pretty damn incompetent.


Yeah but my point is they probably did the other 499,990 things right, but will get no credit for it.


This isn't an individual issue, this is an organizational systemic issue. It isn't on the individual to "do better" or not make mistakes. Even if they had made a PAT, there should be an org-level policy that PAT tokens can only last x days where x is very short (as an example, PAT tokens should be banned).
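The org-level check the comment above argues for, written out as an added example that is not part of the thread or of any vendor's tooling: a small audit that walks a token inventory and flags anything that violates a maximum-lifetime policy. The inventory format, the 30-day policy value and the sample tokens are all constructed assumptions; a real run would pull the same fields (owner, creation time, expiry) from whatever platform issues the tokens. Tokens with no expiry at all are treated as violations, not as "unknown", because a never-expiring credential is exactly the case the thread is about.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Hypothetical org policy: no personal access token may be valid for more than 30 days.
MAX_LIFETIME = timedelta(days=30)


@dataclass(frozen=True)
class Token:
    owner: str
    created_at: datetime
    expires_at: Optional[datetime]  # None means the token never expires
    scopes: Tuple[str, ...]


def check_token(tok: Token, now: datetime, max_lifetime: timedelta = MAX_LIFETIME) -> List[str]:
    """Return the policy violations for one token; an empty list means it is compliant."""
    problems: List[str] = []

    # 1. The issued lifetime itself must fit inside the policy window.
    if tok.expires_at is None:
        problems.append("no expiry set")
    else:
        lifetime = tok.expires_at - tok.created_at
        if lifetime > max_lifetime:
            problems.append(f"lifetime {lifetime.days}d exceeds policy {max_lifetime.days}d")

    # 2. Independently of what was issued, nothing older than the window may still work.
    age = now - tok.created_at
    still_valid = tok.expires_at is None or tok.expires_at > now
    if age > max_lifetime and still_valid:
        problems.append(f"still valid at age {age.days}d")

    return problems


def audit(tokens: List[Token], now: datetime, max_lifetime: timedelta = MAX_LIFETIME) -> Dict[str, List[str]]:
    """Map each non-compliant token owner to its list of violations."""
    findings: Dict[str, List[str]] = {}
    for tok in tokens:
        problems = check_token(tok, now, max_lifetime)
        if problems:
            findings[tok.owner] = problems
    return findings


# Constructed sample inventory (not real tokens). "ci-bot" models the 15-month-old,
# never-expiring token from the discussion; "alice" is a compliant short-lived one;
# "bob" was issued with a one-year lifetime, which the policy forbids.
NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)
SAMPLE_TOKENS = [
    Token("ci-bot", datetime(2023, 1, 1, tzinfo=timezone.utc), None, ("repo", "workflow")),
    Token("alice", datetime(2024, 3, 20, tzinfo=timezone.utc), datetime(2024, 4, 10, tzinfo=timezone.utc), ("repo",)),
    Token("bob", datetime(2024, 3, 1, tzinfo=timezone.utc), datetime(2025, 3, 1, tzinfo=timezone.utc), ("repo", "admin:org")),
]


if __name__ == "__main__":
    for owner, problems in audit(SAMPLE_TOKENS, NOW).items():
        print(f"{owner}: {'; '.join(problems)}")
```

Both checks matter: the first catches a bad issuance at creation time, the second catches tokens that were issued before the policy existed, or that slipped through, and are still alive. Run the audit on a schedule and revoke what it flags rather than just reporting it.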


Not allowing long-lived, powerful tokens is so basic that I'm skeptical they did very much right.



