Unpopular opinion: It is negligent to allow users to sign up with vulnerable 2FA methods like OTP, TOTP, or SMS.

Service providers that don't force use of U2F/WebAuthn, even software-emulated, should be partially liable for phishing attacks.

