2FA is neither necessary nor sufficient, and it's a tradeoff on risks. Very wrong for many users' threat models.
The real challenge is to both CYA and get better default security for users who don't make choices while not adding risks for users who do.
Especially since the users who are thinking about these risks and tradeoffs are the ones for whom security is the most important.
If your threat model includes an abusive partner or parent who will confiscate your 2FA device, you need an option not to use 2FA.