by staticassertion 1419 days ago
> Give copies of the keys to all your co-workers, and leave one under the doormat too for a good time... Hah!

Straw man, not going to address this.

> write passwords on post its and put them on PC monitors back in 2019

This is fine

> requiring them to be changed every 3 months

NIST recommends against this

I don't really get your post.

1 comments

> I don't really get your post.

That's because we are going down a rabbit hole far away from the original premise... We are talking mostly about social media here (as cited above) using 2FA... 2FA in more high value settings is a separate discussion.

In private settings, 2FA can still be compromised by data scraped from social media, which catalogues data even on people who do not create social media profiles.

I am not arguing against the technical merits of how 2FA operates, but even with a YubiKey, a user with system access can be compromised if they are physically extorted or abducted along with their key. The real world is a factor in security; it is not overcome by encryption.

I have listed several aspects of flaws to the security model in other posts here. Arguing about the technical bones of 2FA is a distraction/sidebar from those other valid points.