All you 2FA hard token zealots out there saying SMS is worthless because a nation state can pwn it - if a nation state wants your SMS token, they'll get it. They'll beat you up and steal it if you're that important. Stop discouraging orgs from implementing "good enough" security.
Replying to @MalwareJake
My wife @ktgrok taught me this: “Don’t let perfect be the enemy of good.” It’s a guiding principle in every security decision I make.
"2FA" that's really SMS 1FA, which almost all "SMS 2FA" really is, is not "perfect being enemy of good". It's much much worse than password-only 1FA.
You’re gonna need to sell me on that one. Not everyone has a threat model where they are getting SIMs cloned or numbers ported, everyone does have a threat model where passwords get stolen or reused. I can’t see how SMS 2FA does not provide some additional protection.
"Random person decides they want to destroy your life" should be part of everyone's threat model, especially if you're not male, straight, cis, conventionally male-presenting, and white.
And if you have accounts that control any assets of value, takeover of them absolutely needs to be a big part of your threat model.