19 Apr
2021
19 Apr
'21
9:55 a.m.
I'd add to that that people probably shouldn't treat phones as a significant increase in security, it's not really the out-of-band device that it used to be/was in the 1990s. Today, it basically equates to a second computer and the probability that the second computer is also compromised isn't overly unrealistic.
by the same attacker? raises the bar a bit. it's just a second factor, not a guarantee. i am a fan of the google token and don't like having to carry a different hw token for everyone who wants to hw 2fa me. but i think $ubject is correct. sms 2fa is roadkill. randy --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery