What's the correct minimum length for a password? 6 chars? 8? A number that isn't even? Here's what the big guys do (and why there's much more to it today than just length): https://www.troyhunt.com/how-long-is-long-enough-minimum-password-lengths-by-the-worlds-top-sites/
-
Which is harder? To teach password hygiene or MFA?
-
I guess I'm not sure I understand where we disagree. We both agree that attackers can improve, and both agree they haven't yet while adoption is so low. Is it that you argue that even when forced to adapt because of high adoption of SMS-2FA, they'll just pack up and go home?
-
Yes. In my experience, there is a non-negligible group of opportunistic attackers that can do password reuse/kid’s name password but will not/cannot escalate. This doesn’t apply to any high-value target or to systematic phishers (who have economic concerns).
-
My U2F advocacy is to the level that Amazon algorithmically tied my book to YubiKeys—and if you search for Amazon affiliate links for my book, you get security keys. I still make people turn on SMS at times (unless it defaults to one factor) https://twitter.com/zeynep/status/859842454664642561
-
That's amazing, awesome!

