Hacker News
by abalone 4693 days ago
I agree except for the part about not caring about foolish users.

For me, it is more about asking yourself what approach will increase the overall security of a system. User adoption is a critical consideration. That is where Twitter's approach shines. It's something that is super easy to adopt, no numbers to type in, which means literally millions more users may adopt it. Authy is undervaluing that consideration.

Yes, this is vulnerable to a) foolish users who approve duplicate requests and b) have an attacker looking over their shoulder.

Pretty good tradeoff IMHO.