Careful: you need a 2FA scheme that isn’t susceptible to phishing. Authenticator codes and SMS’s are just as easy to phish as passwords.
Someone only has to solve it once, and then the phishing kit will be updated. If the phishing kit doesn't work, nobody will buy it, so they have no choice but to invest in a solution.
-
it's only valid security if you can actually get people to do it. I am supremely unconvinced hardware 2fa on a smartphone, and *particularly* iOS -- crosses that threshold today. In five years? maybe.
-
"hassle people about u2f" plus "give up on literally everything else in security that offers incremental improvements" is not a winning combo in my book. Cue "why not both gif girl"

