
bnabholz | 1 year ago

I agree with you that the timing is very coincidental, and it irritates me that you agree to one set of ToS for a device you purchased, and then the company can say "accept the new terms or stop using the device you already paid for." It's crap.

However, I don't understand the outrage about this particular incident, and every headline I've seen about it is disingenuous and makes it sound like Roku was breached.

If some other service "XYZ" gets hacked and they steal your password, AND that's the same password you use with Roku, AND you didn't bother to turn on 2FA ahead of time, what exactly was Roku supposed to be doing to protect you?

If this is Roku's fault, then every service in existence should mandate 2FA with the assumption that their users are reusing a single password on every site. In which case, they might as well ditch the passwords completely and use only an SMS or e-mail verification for login ("magic link").

eviks | 1 year ago

> what exactly was Roku supposed to be doing to protect you?

Prevent mass infiltration

Especially with close monitoring

> start monitoring account activity more closely in March, it said, and this monitoring led to the discovery of a second incident a