What's the correct minimum length for a password? 6 chars? 8? A number that isn't even? Here's what the big guys do (and why there's much more to it today than just length):https://www.troyhunt.com/how-long-is-long-enough-minimum-password-lengths-by-the-worlds-top-sites/ …
-
-
I definitely disagree, you don't have to be a skilled attacker to buy a php phishing script. Right now it's more expensive for so little benefit, but when it's the only option, why wouldn't they?
-
Because people don't operate like that. Why do people, even people whose lives are on the line, reuse passwords? Just saying "you have to buy a phishing script" will scare off so many opportunistic attackers.
- Show replies
New conversation -
-
-
If we disagree, it’s that I don’t this SMS 2FA is basically worthless. If you’re a vendor, I’d be begging you not to do it that way, and to adopt U2F and/or auth app. Still, for many users, those are surprisingly hard steps.
-
I get that, but my point was you can achieve the same result that we both like (lower opportunistic phishing) with my silly banana scheme. Is my banana scheme basically worthless? If yes, then why is it worse than SMS-2FA?
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.