All you 2FA hard token zealots out there saying SMS is worthless because a nation state can pwn it - if a nation state wants your SMS token, they'll get it. They'll beat you up and steal it if you're that important. Stop discouraging orgs from implementing "good enough" security
-
-
Let’s not conflate poor password reset processes and SMS 2FA. Those are two different issues. I’m only taking about 1FA password vs 2FA SMS and Password. The reset is a different debate.
-
I'm conflating them because a huge portion of services that offer "SMS 2FA" let you use SMS as a password reset vector if you provided a number. Thus making it "SMS 1FA".
-
See other reply, you were debating holistic approach and not specific technology. I can agree with that. Cheers.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.