It doesn't work. The problem we have is that passwords can be phished; the solution to that is not to add a second phishable password called a "token". Is it better than nothing? Eh, in the unlikely event that you're a password re-user but not vulnerable to phishing, I guess?
-
Tough call, I think SMS 2FA might be worse than nothing. I don't know what Authy is, but unless it's U2F it probably has similar properties.
-
Did you read the announcement? The user thought SMS 2FA was secure, and it got them compromised. They were misled, no?
-
Replying to @sir_firenewt @petersongeorged and
No, different argument. In order to open a locked door an attacker needs to demonstrate a new capability: ability to pick locks. In order to defeat 2FA an attacker needs a capability they've already proven they have, ability to phish credentials.
-
Replying to @sir_firenewt @petersongeorged and
I have no idea what argument you're making with this lock analogy. I *think* you're trying to say "the perfect is the enemy of the good", a very common argument from the SMS 2FA crowd. That argument only works if there is any good, and I don't see any.
-
Yeah, why not? Phishing and credential theft is a problem, U2F is a perfectly reasonable solution. It doesn't solve all problems, but it does solve the ones it aims to.