Broad statement KLAXXON
https://twitter.com/taviso/status/1082015009348104192 …
Sorry, I believe in calling out trash when I see it. Solving phishing with phishable schemes is trash, and we've burned a lot of goodwill asking vendors to roll out trash when we could have been asking for real solutions (like U2F). 
-
-
Phishing is tough (I get that). Notwithstanding the correct way to tackle it, re: your “OTP/PUSH” statement - below describes Authy’s PUSH implementation. Maybe the context only refers to securing the PUSH itself (opposed to the end to end session)? I will need to check.pic.twitter.com/fYszizxpox
-
Yes, I'm aware they (falsely) claim they solve phishing. That is not accurate. Phishing works using real authorized devices, so verifying it was signed makes no sense; it's pretty scary they don't realize this.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.