Unless your job is cutting-edge research where you are truly making new scientific discoveries and methods, you're just combining other peoples' ideas into a new unique package and selling it.

The truly valuable work is to notice that there is an underserved market and figure out how to meet their needs.

The organisation will never change their ways unless they get bad publicity or have to spend so much money that their c-suite gets involved.

I would be wary of trying to negotiate the payment upwards in case you are accused of extortion; just explain you'll disclose publicly in 30 days, which is more than enough time to fix what I assume is a web app backend bug. You don't want them dealing with this kind of issue as a feature to be implemented when there's space in one of the future sprints.

They may try at this point to negotiate the payment upwards, which is a matter for you and your conscience, but I would say that if you don't get something close to 100k, it's likely to be swept under the rug internally and they'll never learn from their mistakes.

Given that most people are cracked wide open if their password manager is compromised, I do feel it's sensible for a password manager to insist on 2FA, but the email chicken and egg problem is a concern for those migrating, and hopefully they backed up their recovery codes.

[0] https://learn.microsoft.com/en-us/powershell/module/defender...

You could also provide another implementation that implements Cloudflare's zero trust authentication [1].

[0] https://github.com/vouch/vouch-proxy

[1] https://developers.cloudflare.com/cloudflare-one/identity/au...

In other words, I don't think I'd want to actually take responsibility for authentication these days and use an authenticating proxy. The less security infrastructure you have, the less there is to go out of date.

You can always start with this approach and then implement your own built-in user directory later.

If you've used one, you might know that you can easily talk to a smart speaker even when it is playing very loud music, it's the same idea.

This video explains more quite well: https://www.youtube.com/watch?v=spUNpyF58BY

In a similar vein, a startup will be very happy to talk about how valuable it is, except when it comes to talking to tax authorities, whereupon suddenly their shares are borderline worthless.

Comments URL: https://news.ycombinator.com/item?id=39352331

Points: 1

# Comments: 0

I would rather use Terraform's Kubernetes or Kubectl module for this. Are there any pros or cons I should consider?

I think one of the key things I like about it is that Terraform will show me what it plans to change whereas Helm doesn't (last time I checked)

They're best known for being an identity provider but they do have a password manager product[0], which is what I think OP is referring to.

[0] https://www.oktapersonal.com/

Seems like you answered your own question. While it is less secure, my password safe is synced across all devices. I can also easily share passwords with my family members and I can assist them with lockout issues. I don't think there's a nice solution for this with Keepass.

Also, a typical implementation is that the decryption is performed on your device. I don't think you send your key material to the provider but I don't know about all of them.

It is certainly a "keys to the kingdom" issue as you noticed, and I don't put 2FA reset credentials in the same place for example.

However the killer feature of Git is the ecosystem. I was always having to do lots of custom work to get Mercurial to work with CI providers, whereas Git just worked and had first class support. It was clear after a while that our team would always be outsiders if we continued down that path, and there wasn't enough of a compelling reason to stay with Mercurial.

Personally, I chose Mercurial to start with, because I liked the Windows tooling available and it felt a lot more like Subversion, which is what I used previously.

However, Git won the mindshare war in the end, so I moved over to that.