25 Feb
2019
25 Feb
'19
2:14 p.m.
ekuhnke> One thing to consider with authentication for domain registrar ekuhnke> accounts: ekuhnke> DO NOT USE 2FA VIA SMS. Yup. This is a good example of what I'm advocating. Just saying "use 2FA" or "use DNSSEC" or "have a CAA" isn't sufficient detail to make informed decisions of risk/effort/reward tradeoffs. Simplistic suggestions without details or context isn't doing anyone any favors. That said, even SMS 2FA is better than no 2FA. Barely. Just like forcing lousy passwords is better than no password but still not a best practice.