The problem with 2FA is that the same attack that it protects against can be used to defeat it. It's pretty questionable if that is progression, I happen to think it isn't. U2F on the other hand is obviously progression. 1/2
That is not a good analogy, that would be a real improvement. Again, the problem with 2FA is that the *same* attack that it defends against can be used to defeat it.
-
-
I like U2F, it is a high quality solution to phishing. It can still be defeated with non-phishing attacks like malware and social engineering. Antibiotics are wonderful even though they don't cure cancer. A solution does have to solve a problem, but not all problems.
-
Token binding solves malware. I am not sure how does social engineering going to defeat U2F...
- 4 more replies
New conversation -
-
-
Yes. But will it cost an attacker more time? If you have to pick two locks, does it increase the chance I could walk up and be like “Tavis pls stop breaking into my home we discussed this.” Did my second lock just save the day? Yes it did. Am I an idiot still? Yeah but lol.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Can you please clarify how 2FA is defeated the "same" way? I think you are assuming that attacks begins with zero knowledge. But lots of attacks begin with 2B+ previously breached passwords + common passwords + wordlists.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.