I meant that the "placebo" of anything beyond a simple password may prompt an attacker to move on. So 2FA has both that deterrent, as well as being legitimate but weak.
I have no idea what your argument is, it's obvious to everyone that 2FA and U2F are not widely deployed. I'm saying we should put the limited wood we do have behind the arrows that actually work, U2F.
-
-
I'm saying that U2F is becoming the enemy of 2FA, when either is better than what 90% of orgs are actually doing. 2FA is a great solution for SMBs that *maybe* get a security review 1x per year because it can be rolled out same-day and is probably adequate given the risk profile.
-
I'm glad U2F is the enemy of 2FA, this argument doesn't sway me. Just saying "2FA is a great solution" isn't a good argument, you have to explain why it's so wonderful, because all I see is a non-solution that is destroying the limited goodwill we have with users.
- 11 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
