To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
-
-
"[U2F] doesn’t solve phishing [..] because an attacker [can] get the physical key" is just wrong. That *is* solving phishing. I think you're falling into the trap of false equivalency, like antibiotics aren't perfect and neither is homeopathy, so does it matter which one you use?
-
Ah. Phishing to me is not just digital, it is simply "tricking people", no matter physical or digital. WebAuthn solves a lot and I like it, but the human problem remains unsolved. Google employees knows not to hand out their Titan key. Most people do not.
- 11 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Unfortunately, misnaming things with 2FA made it confusing for many people 


If we were ALL to use nothing but the very best (secure) at any given time, then.... uh.... that's not possible.