top | item 29620610

aleksejs | 4 years ago

> For a high value account, a motivated attacker can and will continue at this point. (And if you don't consider your accounts high value, why are you bothering with 2FA?).

Because credential stuffing is highly lucrative, even when no individual account is particularly high value, and is the most common way accounts are compromised on most services. There are other things a _user_ might do to prevent credential stuffing, like using unique passwords, but 2FA has the benefit of actually being visible/verifiable for you as a service provider.
