Unpopular opinion: It is negligent to allow users to sign up with vulnerable 2FA methods like OTP, TOTP, or SMS.

Service providers that don't force use of U2F/WebAuthn, even software-emulated, should be partially liable for phishing attacks.


Mastodon for Tech Folks
