“Hey boss @taviso said on Twitter that 2FA is the essential oils of security so we are just going to turn off 2FA until we can deploy yubikeys to everyone k?” I mean come on man.
Remember "security phrases"? It "solved" phishing by making users type in a phrase or image to prove it was the real site. It was trash, just like 2FA, but attackers had to change scripts and maybe Chris will argue was a deterrent, I don't know. Do you think this is sustainable?
-
-
Since I hath been summoned; you’ll always find yourself wanting to argue for implementing whatever the current best is, but the best solution may not be the right solution for that problem, at that time. Arguing against doing what you can in favor of doing what you should is bad
-
If all you can do is homeopathy, should you do it?
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

