I keep running into the same problem and I’m curious how others here are solving it. Imagine you need to give an accountant, contractor, or even an automated script temporary access to a financial or SaaS account, but you don’t want to hand over the actual username and password or store it in a password manager vault that becomes a single point of failure. MFA helps but it doesn’t solve delegation, and rotating credentials constantly breaks workflows. With breaches and password leaks becoming routine and AI agents now needing access too, the whole model of shared secrets feels fundamentally broken. Is anyone here experimenting with post-password or zero-trust style access where permissions can be granted, monitored, and revoked without exposing credentials at all, or is everyone still duct-taping solutions together?
[link] [comments]
from hacking: security in practice https://ift.tt/HKU1jrJ
Comments
Post a Comment