
One company doing a bad job does not mean it's impossible or even uncommon to do a good job. Also, if you wanted to hedge against Okta... feel free. You can U2F 2FA your services behind Okta or in front of it. We use GSuite SSO, but everywhere we can set 2FA outside of it we do so.


> does not mean it's impossible or even uncommon to do a good job.

The only way one can reach this conclusion is by ignoring all the breaches / CVEs that happened in large companies during the past few years.

Nowadays I just assume every company is crap at security unless proven otherwise.


I'm pretty up on my breaches :)

Yes, most companies are bad at security. Some aren't though. The problem right now is figuring out which ones are - there's very little signal.


While true, Okta isn't some minor player that we can just wave away like this. I bet lots of other similar big companies will have similar issues - this is about much more than just their technical merit.


> One company doing a bad job does not mean it's impossible or even uncommon to do a good job.

We all know it is very uncommon to do a great job. Everyone has been breached sooner or later. And anyone who has worked in engineering or security in tech companies knows how often security concerns are underprioritized far behind more visible but less important work.

Hedging is a good answer. Relying on a single point of failure that, if it ever fails open, will expose everything at once? Not a smart idea.



