Don't have big, systematic data on this but I constantly hear all over the world from people without any 2FA whose accounts get taken over via password reuse and much rarer live phishing of SMS 2FA. I do push people to U2F but, ceteris paribus, SMS 2FA seems way better than none.
I get that, but my point was you can achieve the same result that we both like (lower opportunistic phishing) with my silly banana scheme. Is my banana scheme basically worthless? If yes, then why is it worse than SMS-2FA?
-
-
"Banana" is fixed word? Once again, anything that involves typing something, not a huge barrier to opportunistic attacks. Mutter the words "php script", and a surprisingly non-negligent number of them seem to scatter.
-
Yes, fixed word, must be typed into a form field. Your php script will have to be changed to support it. So you're saying that my banana scheme isn't worthless, and has value?
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.