Arynn Crow

MFA is for everyone - it’s a foundational security practice that everyone benefits from. Proud to be part of an organization that embraces security by design and default. Read our blog to see what’s changing for MFA in AWS in 2024 aws.amazon.com/blogs/security…

@kurulounge People can grow and learn a pretty shocking amount in 6 years time when they apply themselves. Particularly if she found a niche.

I am not going to mention any names but I found out today that a person I worked with is now working as a cybersecurity consultant for some pretty big corporations. I know this person and 6 years ago she didn't even know how to assign 800-53 controls and now she is a consultant

2024 Kim Cameron awardee Matthew Spence articulates how technologists grapple with differences and complexity over time. A great joy of DIAF's mission is bringing new voices into #DigitalIdentity digitalidadvancement.org/news/2024-kim-…

@notatrollorbot @editingemily A lot of women were “managing” by a thread. Or foregoing higher pay, promotions, etc. in order to balance their children’s needs.

I will die on the hill that RTO hurts families with young children the most — and mothers above all when mom is still the default caregiver. Don’t make people choose between their kids and their careers.

@MalwareJake SMS is as fine as any other OTP authn.

What cybersecurity opinions do you have that you absolutely won't compromise on? I'll start: there shouldn't be entry level cybersecurity positions on incident response teams any more than there should be entry level surgery positions on heart transplant teams.

@br_ttany Putting in a vote for Seattle - excellent proximity to a wealth of urban entertainment as well as beautiful nature activities.

Settle a debate. If you love NYC, but don't want to live there with two little kids, where in the world would you move to? Looking to get culture + walkability + diversity + energy but more habitable for children (parks, schooling, museums, etc).

Getting to send so many talented young professionals to EIC and Identiverse this year was a real privilege - and now you can hear from them how it went! Check out Suprit’s reflection on EIC 2024. #diaf #identiverse #identity digitalidadvancement.org/news/2024-kim-…

@colmmacc Context matters here, I think. Competition could be immoral when the “prize” is a basic standard of living, for example. And the best outcome for someone who does evil could be not a reward, but just/fair (vs excessive) punishment that reduces likelihood of harm to others.

"We want the best for everyone" sounds like a great moral and political principle, but it's equivalent to "competition is immoral" or even "evil people deserve good outcomes". That contradiction ought to be glaring, but it took me a long time to see.

@HiiJax @SwiftOnSecurity OTP can be solved programmatically, so it doesn’t offer much protection to the business against bad actor created accounts doing fraud. Of course, it still helps when the bad actor is attempting to compromise a legitimate user’s account.

@SwiftOnSecurity Ok but my question is why do I need to answer a captcha if I'm just gonna be asked for a OTP anyways? A robot isn't gonna open up my authenticator app

My favorite thing about the modern recaptcha stuff is normies will have absolutely no fucking idea why a robot couldn't just click the box

@colmmacc So sorry you are impacted, Colm. I hope you are able to get to your loved ones soon.

What a day! Been up all night helping recover Windows customers impacted by the Crowdstrike issue and I'm supposed to have two Delta flights today to join my family, with the first take off at 6AM. Currently still a global ground stop. Really missing my wife and kid!

Who’s got good learning resources (books or otherwise) on privacy tech? Differential privacy, federated learning, etc. 📚

Red teamers:

ICYMI: AWS Expands MFA Requirements, Boosting Security and Usability with Passkeys🔑 Learn more! Read the article! 👉 fidoalliance.org/aws-expands-mf… #passkeys #MFA #security 😀

@breki74 Yes, I am sure. I’ve reached out to the team to clarify this post. In the meantime, please do consider filing a case with support if feasible so we can collect additional information about your issue.

@arynncrow Are you sure it's not expected? repost.aws/questions/QUci…

So the geniuses at Amazon decided two-factor authentication is not good enough for them, they want the third factor. From now on you cannot use Yubico keys for AWS MFA without entering a PIN for the key repost.aws/questions/QUci…

@ottokruse @mitsuhiko Passkeys don’t provide attested provider identifiers today, or may not provide identifiers consistently, so whether or not a website chooses to display detailed names is dependent on a few factors. But we can absolutely share that feedback with the right teams.

@mitsuhiko Have an iPhone? Otherwise guessing safari. But this is madness ! Should be a more recognizable name than that. Who do we know on that side @arynncrow

Passkeys are probably the worst thing that happened in the last few years. Apparently Amazon auto enrolled me into a passkey and now I have no idea which device’s passkey that was :-/

Strong security can be hard to grasp—but with #AWS, it’s all within reach. 💻☁️🔒 AWS Identity & Access Management supports passkey as a second authentication factor—so you can use your fingerprint, face, or pin for more secure sign in across devices. 🔗 go.aws/4aWGxaX

Raising the bar for security is inherently customer obsessed. I am so pleased to share both the expansion of our MFA requirements, and the launch of #passkeys for AWS IAM. Everyone should use some form of MFA, and now, it’s even easier to pick the most secure option. Use #FIDO2!

How I know I’m not done with NYC: after 6 weeks around the world, seeing the silhouette of the Empire State Building crest over the horizon still fills me with the sense of warmth and gratitude that it always has. Even if the traffic doesn’t. Nearly back to my own bed!

Last week, I got to tell the #identiverse community a bit about the strategic dimensions of successfully influencing an organization to enforce MFA. But why work hard without some fun? Capped off the week with a helicopter ride through the Grand Canyon - what a beautiful treat!

@jonlehtinen magnificent monster 🥲

@arynncrow …if folk are painting on planes, I’m gonna bring out my harmonica and keep attempting to reverse engineer the Mario64 Slide theme

We need to call a meeting. Someone on this plane (high turbulence) is painting with open tins of paint on their tray table. I feel like in terms of shameful things to do on a plane this is somewhere below clipping your toenails but above taking your shoes off (*with socks on).