Yes, you don't need to reword your same argument dozens of different ways. You would burn all your budget to make attackers jump through a few hoops; I would rather save up for a real solution. I understand, I just disagree.
The same thing will happen to 2FA, it will get wide enough adoption until it's worth supporting in phishing kits (e.g. see https://github.com/drk1wi/Modlishka …) and then we'll have to move on to the next trash idea. U2F is a real solution, it's not a fad, it solves phishing.
We can keep asking people to implement the next cheap stepping stone and then say "oops, never mind, next trash thing is four factor security sounds", or we can say "This is a little harder to implement but the problem will be solved". Is it really so crazy to argue for that?
-
We should absolutely argue for U2F. But when we’re told “no”, we should still argue for 2FA.
-
As an author of Modlishka, I am really happy that this type of great debate is taking place. In the end, this was the main point of the release. I also think that the only real solution here is U2F ... anything else is just postponing the risk in time.