non-U2F 2FA protects against credential stuffing, which is useful
Hmm, I'm not sure you understand how U2F works, what you're saying doesn't make much sense. It makes sense to say "it sounds inconvenient", or "maybe it's more expensive to roll out than accepting phishing", it doesn't make sense to say "maybe it doesn't prevent phishing".
-
-
It's entirely possible I'm missing something with U2F. I've been using it for a year now and have yet to see a case where it can be used 100% of the time with an account. Which means we need to have other controls that prevent phishing.
-
If those other controls are effective and attackers have opportunities to get around U2F, we have to weigh it's effectiveness against the additional cost/compromise of implementing and using it, right?
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
