Admittedly, 2FA won't stop determined attackers. But many attackers are not determined. Many aren't even targeting their victims. 2FA will stop the script kiddies who just grab a combo list and start spraying.
It is worth it if you will burn that good will by pushing for U2F in a situation where 2FA has already been in place and has proved sufficient for the current threat model, risk appetite and budget.
Yes, you don't need to reword your same argument dozens of different ways. You would burn all your budget to make attackers jump through a few hoops, I would rather save up for a real solution. I understand, I just disagree.
But if I can cheaply implement even SMS-based 2FA and it stops just a handful of attackers while I work towards a full-on U2F solution the answer is yes. Part of that good will is accurately conveying the risks and trade-offs.
Perhaps homeopathy can be practiced safely if you accurately convey the risks and tradeoffs. The placebo effect is real, it might help a handful of people. Homeopathy is still trash though.
“Hey boss @taviso said on Twitter that 2FA is the essential oils of security so we are just going to turn off 2FA until we can deploy yubikeys to everyone k?” I mean come on man.
"Hey boss @taviso said on Twitter that Homeopathy is the 2FA of medicine, so we are just going to save our money until we can deploy Antibiotics to everyone k?" ....Umm, yes, that sounds like a fantastic idea.
And what if an attack that could have been stopped by a basic 2FA implementation succeeds and costs you? Or doesn’t immediately cost you, but the reputational impact of the breach impacts revenue? You may be okay with that. Not everyone will be, or can be.
Banks are still heavily SMS-based 2FA for customers. You’re essentially advocating most banks kill 2FA entirely until all customers can be trained on the better solution and everyone just eats the cost?
Patients are still heavily homeopathy-based. You're essentially advocating killing homeopathy entirely until all customers can be prescribed medicine and everyone just eats the cost?