by frei
2156 days ago
The prescriptions in "If you’re a security conscious user..." make sense to me. If you use a unique password, SMS/TOTP adds very little benefit. However, the section for "If you’re a security conscious vendor..." doesn't make sense. Credential stuffing is so common, and SMS/TOTP is a great tool against it. You could prevent users from setting their own passwords, but that seems a little "too different" from existing sites, such that it could harm usability.