To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
non-U2F 2FA protects against credential stuffing, which is useful
I disagree, we're talking about password reusers who are not vulnerable to phishing. That is a minuscule set of people.
Have you heard the term man-in-browser?
No, but I guess it means malware or compromised extension, npapi plugin?
2FA has always seemed like a bit of an awkward bandage anyway, buying us time until we can get more transparent solutions in place, like better behavioral detection and anti-fraud measures behind the scenes.
Somewhere, our logic broke down. "Users are the weakest link!" "User-managed 2FA is the solution!" "Let's give them a 'trust this device for 30 days' checkbox"
