Remember "security phrases"? It "solved" phishing by making users type in a phrase or image to prove it was the real site. It was trash, just like 2FA, but attackers had to change scripts and maybe Chris will argue was a deterrent, I don't know. Do you think this is sustainable?
-
-
Since I hath been summoned; you’ll always find yourself wanting to argue for implementing whatever the current best is, but the best solution may not be the right solution for that problem, at that time. Arguing against doing what you can in favor of doing what you should is bad
1 reply 0 retweets 0 likes -
If all you can do is homeopathy, should you do it?
1 reply 0 retweets 0 likes -
And again, that only holds up if everyone agrees 2FA does absolutely no good, in all situations, for all use cases. That is not the case though. In a bubble, when your attacker is just shy of omnipotent by all means 2FA is junk. But not every attacker is omnipotent.
1 reply 0 retweets 0 likes -
I didn't ask you if it's the same, I asked if all you can do is homeopathy, should you do it? The debate is *not* something is better than nothing, it's that 2FA is about as effective as homeopathy.
1 reply 0 retweets 0 likes -
Then your analogy doesn’t hold up here. Because homeopathy does next to nothing. 2FA does something, to varying degrees of effectiveness.
1 reply 0 retweets 1 like -
The placebo effect is real and is remarkably effective. If all you can do is homeopathy, should you do it?
1 reply 0 retweets 0 likes -
I’m nauseous, am I going to chew on some ginger or go right to Dramamine and just be that sleepy boi for the rest of the day.
1 reply 0 retweets 0 likes -
I don't get it, why can't you just say yes or no? If all you can do is homeopathy (literally, not ginger or aromatherapy, actual homeopathy), should you? (If you don't know, homeopathy is literally just placebo, it's some nonsense about water memory)
2 replies 0 retweets 0 likes -
And fair point! That’s fucking weird. So my other point still stands then that your premise is false. 2FA is not completely ineffective, it can be very effective. So if I can achieve “very effective” while I work on “super effective” should I not?
1 reply 0 retweets 0 likes
We both definitely agree you should grasp any improvement you can, no matter how small. That is not what 2FA is, it's more like rearranging deckchairs on the titanic 
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.