What's the correct minimum length for a password? 6 chars? 8? A number that isn't even? Here's what the big guys do (and why there's much more to it today than just length): https://www.troyhunt.com/how-long-is-long-enough-minimum-password-lengths-by-the-worlds-top-sites/ …
I did not claim TOTP is better, I do however claim U2F, while not a panacea, is better.
Agreed. It's better technically. But in practice some claim it's inferior due to the account recovery process if a user loses their U2F key. Support orgs are programmed to set a low bar for recovery because loss occurs so frequently.
That issue exists whether U2F is implemented or not. It also doesn't solve the problem of malware, vulnerability exploitation, or other social engineering attacks. It's pretty much just phishing.