Sure, it can (depending on if backed by hardware) prevent cookie from being used on another machine...but what attack are you imagining that can't be executed from the compromised machine instead? This is my main sticking point.
A claim I largely agree with - while there are some places 2FA helps (and many it hurts!), the big problem is people storing passwords in their brains or on paper rather than in a PW manager that knows not to enter them in places it shouldn't.
So that's reality (I'm referring to people's behavior) that you can't argue with; by the same token(!) security architects would like to avoid token disclosure without relying on factors they don't control/know
