Admittedly, 2FA won't stop determined attackers. But many attackers are not determined. Many aren't even targeting their victims. 2FA will stop the script kiddies who just grab a combo list and start spraying.
I'm glad U2F is the enemy of 2FA, this argument doesn't sway me. Just saying "2FA is a great solution" isn't a good argument, you have to explain why it's so wonderful, because all I see is a non-solution that is destroying the limited goodwill we have with users.
-
I acknowledge your point about limited goodwill, and 2FA is absolutely not secure enough for some orgs. But I think 2FA is our best chance to convert the 90% of orgs that are on 1FA, and can be a stepping-stone (especially for training users) on the path to U2F. Crawl-walk-run.
-
Do you remember the old idea of "security images"? Users were prompted to select an image that they would see when they log in, proving the site was authentic. Here is an article about it: https://www.marketwatch.com/story/banks-find-online-security-images-offer-little-protection-2015-11-05 …. It was easy to implement, so lots of banks did, but it's trash.
