What's the correct minimum length for a password? 6 chars? 8? A number that isn't even? Here's what the big guys do (and why there's much more to it today than just length): https://www.troyhunt.com/how-long-is-long-enough-minimum-password-lengths-by-the-worlds-top-sites/ …
Which TOTP suffers from too. I still consider this and the "sim hijacking"* less important than the account life cycle issues @alexstamos highlights. Especially if you can just email support and convincingly claim you're locked out due to a new phone/lost @Yubico.
* Where's the data on "sim hijacking"? I remember @riskybusiness covered a German SS7 attack, which had a bunch of caveats. Everything else seems to be targeted through social engineering cell phone providers, who have stepped up their security since.
But that is essentially true for all 2FA, depending on how loose your definition of password :P
I don't get the joke, I'm saying U2F is a better solution because it's not phishable.