To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
-
-
«It opens some cans, so at least you get something, which is better than nothing?» A Google Titan Key doesn’t solve phishing, it makes it harder because as an attacker I will probably need to get hold of the physical key. «Hi, I’m from corporate IT. I have a new key for you.»
-
Umm, If you can't use phishing and have to use a non-phishing attack, then you've solved phishing. You understand that you can defeat SMS 2FA with phishing? I'm confused about your point.
- 13 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Unfortunately, misnaming things with 2FA made it confusing for many people 


If we were ALL to use nothing but the very best (secure) at any given time, then.... uh.... that's not possible.