To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
I disagree, we're talking about password reusers who are not vulnerable to phishing. That is a miniscule set of people.
-
-
getting users to use SMS or TOTP 2FA is way easier than convincing them to use a password manager in my experience. phishing prevention is not the goal in recommending non-U2F 2FA. U2F is obviously superior because it handles both reuse and phishing.
-
Yep, get rich quick schemes are way more popular than getting rich the hard way, and get secure quick schemes are way more popular than U2F. The problem with both the quick easy fixes is they don't work very well.

- 10 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
