I don't think it's harder, but you're right - we don't see it for opportunistic phishing yet because why bother investing in supporting it to increase victim yield by 1%? It's just bad economics.
Would you argue that my banana-factor authentication scheme is better than none if it has the same property of reducing opportunistic phishing when only enabled for 1% of users?
I deal with a lot of people who are political targets but not necessarily state-level targets. There is a significant amount of opportunistic targeting of such people by people with zero tech skills or economic incentives. Even SMS 2FA cuts that a lot.
You're correct, when enabled for 1% of users it effectively makes them too expensive to phish. That's only true if attacker gets 1% more victims when he supports it. If he gets 30% more victims, economics change and it's worth supporting. Attacker already has capability to phish.
2 sort of conflicting vantage points. Should users enable SMS 2FA when it’s the only available option? Prrrrobably yes? Should vendors speed its adoption because better than nothing? NO.
Should users enable SMS 2FA when it's the only available option? Only if it can't be used for account "recovery". Because that happens. Ignore the backup passwords (recovery questions), rely only on SMS. Nothing can possibly go wrong...
