|
|
|
|
|
|
by _jal
2360 days ago
|
|
|
As a standalone method of authentication, insecure is more ways than I can list. I didn't think this was controversial or obscure. Authentication on my work laptop is fingerprint + 2FA, then password and 2FA for VPN. Access to most other resources at that point is certificate driven. I wish my bank would use certificates, for instance. I absolutely get the human (ultimately cost) factors involved, but my bank is one of the few entities with which I would go through the hassle of in-person key setup/renewal. |
|
|