Would you argue that my banana-factor authentication scheme is better than none if it has the same property of reducing opportunistic phishing when only enabled for 1% of users?
Yes, fixed word, must be typed into a form field. Your php script will have to be changed to support it. So you're saying that my banana scheme isn't worthless, and has value?
-
-
This may seem really weird, but even that might have a non-zero impact. Though the distance between (1) regular phishing and (2) editing php script is probably much closer than the difference between (3) guessing easy password and (4) escalating to phishing a hard password.
-
I think we agree if you would say BFA and SMS 2FA have similar value, we just disagree on how valuable that is.

- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.