Having trouble following what attack you're imagining. Once an attacker has logged in, they get an authentication token that they use for whatever attack you wanted. Stealing money, reading email, whatever. That is not a high bar.
True, but the solution isn't just to use snakeoil instead, right?
I *guarantee* you that statistically you have reduced attack surface and attack success rate with authenticator apps. Will you ever prevent Mossad from logging into your Gmail if they reeaaaalllly want to? Nope.
Imagine a 2FA competitor called BFA, "Banana Factor Authentication". With BFA, 1% of users have to type the word "banana" into a form field. I guarantee you that will reduce attack success rate too. Is that an incremental improvement to security?
