If I have to pick just one, the dumbest thing Hacker News believes about security is that phishing is a simplistic attack that only unsophisticated users fall for.
-
I guess my argument is that it's a process, and moving the bar to auth apps raises that bar. You don't need to outrun the bear, you just need to outrun the people behind you ;) That plus Apple needs a far better near-field / Bluetooth key story.
-
It's certainly an economics problem for opportunistic attackers; they are rational and don't want to waste money adding support for 2FA users. That will yield 1% more victims for a lot of work... but when 90% of users are 2FA users...
-
Nobody's arguing in favor of SMS 2FA, but an intermediate step of "get people to use authenticator apps". Login pages should indeed prevent trivial scripting though, perhaps forced captcha (or opportunistic "gee where's your JavaScript interpreter / DOM" captcha) on all?
-
2FA is better than just passwords, because of account stuffing. But U2F is better than other 2FA, because of phishing. Different threats, both extremely serious.
-
SMS 2FA is popular because it's a great way of forcing harvesting of phone numbers.
