|
|
|
|
|
|
by 4oh9do
1459 days ago
|
|
|
> Again, 2FA isn't an account recovery process at all; it's a reason you need account recovery. Your reading of the FTC text seems to be that you think the FTC has conflated account recovery with 2FA, but I don't think that's the case. Instead, my read is that they're suggesting that password breaches can be rendered moot points by requiring 2FA for accounts, so that the compromise of a password would not require an account reset in the first place. |
|
|
But technical language aside: a requirement that CafePress fully adopt 2FA also doesn't make sense, because its users will not fully adopt 2FA. The users that can't 2FA are the interesting case here, and the thing I'm calling out.