To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
-
You’re right. No one I've seen disagrees that this was always possible... but widespread adoption of U2F is a ways off. And SMS, TOTP, etc protect everyone *TODAY* against password stuffing which is an order of magnitude more common than phishing.
-
You're saying it protects all the password re-users who aren't vulnerable to phishing? All three of them?
-
No. If I go with nothing but U2F there is only a small number of users today that can/will use it. Those users are protected from everything. Great. What do I do for the rest? Today offering U2F & SMS, but with the ambition to remove SMS in the future when U2F is widespread.
-
Hmm, I think we're on the same page for the final goal, but it kinda seems like saying "I can't afford antibiotics for everyone today, so placebos will have to do for now".
-
It’s like saying let’s stop him from dying from fever first with water and paracetamol, then let’s treat the underlying problem.
-
Well, so long as we're on the same page that you didn't solve the problem.
-
But where we disagree is disparaging services that offer SMS today. The message I advocate for: - add U2F support - make it the default for vulnerable users. - Make it accessible (software keys?). Maybe even ship them keys. - deprecate SMS.
-
Yes, we do disagree on that. Homeopathy is just harmless sugar pills, but I still disparage practitioners, because pretending to be medicine is harmful. In a similar way, pretending to prevent phishing is harmful, even if it's just harmless busy work.
-
(I'm aware you differentiate credential stuffing and phishing, I didn't want you to think I was ignoring your point or didn't understand, I just disagree)