
frei | 5 years ago

The prescriptions in "If you’re a security conscious user..." make sense to me. If you use a unique password, SMS/TOTP adds very little benefit.

However, the section for "If you’re a security conscious vendor..." doesn't make sense. Credential stuffing is so common, and SMS/TOTP is a great tool against it. You could prevent users from setting their own passwords, but that seems a little "too different" from existing sites, enough that it could harm usability.
