I often hear the argument "we shouldn't call bad solutions bad, or people might not use the bad solution", but I strongly disagree and reject that argument. We have a good solution, and we're burning our limited goodwill on snakeoil. 2/2
I think you've mixed your metaphors here, aspirin is not placebo. We're all on the same page that attackers do have to make changes to accommodate 2FA, that is self-evident. The debate is you think that's worth burning the limited goodwill we have for security, and I don't. 
I meant that the "placebo" of anything beyond a simple password may prompt an attacker to move on. So 2FA has both that deterrent, as well as being legitimate but weak.
There's only so many hoops people are willing to jump through, if you burn through them on trash like 2FA, then it's harder to ask them to implement U2F. Have you harmed security, or improved it? That's the debate.
That limited goodwill has been burned already many times. We’ve gone from passwords to complex passwords you never write to password managers to 2fa to u2f. It’s like listening to a schizophrenic. Who takes any advice seriously since it changes to different every time you ask it?
Yep, totally agree. I guess I'm hoping there's some goodwill left and we can salvage it, but it's not looking good.
I’d argue that you can burn just as much goodwill by pushing a new solution when the existing one may do the job for a given entity under the right circumstances, situation.