Quote:
Originally Posted by rustigsmed
|
I've seen a lot of Rob Braxman's videos along with many other cybersecurity and online privacy 'expert' presentations. I've been on a continuing security and privacy drive myself. FWIW, if you like Brax's presentations, try Naomi Brockwell TV on Youtube as well. There are a bunch of others, too numerous to name, of varying degrees of accuracy/reliability or niche subject matter.
Some 2FA is better than no 2FA. In this regard, Brax's viewpoint is a little overstated, IMHO. It's true that some institutions seem to treat 2FA as a box-ticking exercise and prioritise the ID aspects over true security, such as using SMS to a phone, with banks being the worst culprits. I think Brax's assessment of the impact of "know your customer" legislation is correct in this regard. But, again, some 2FA is better than no 2FA.
I'd love to see the FIDO standard more universally adopted but the humble code-generator (of which there are many examples, and they pretty much all work the same way) is a step up from SMS, even if it is still "phishable".
As we find ourselves in the middle of an undeclared cyberwar, it's incumbent upon all of us to be more cybersecurity aware and to use the best/most secure mechanism that each site/service allows. Beyond that, the more of us who write to our MPs to demand better 2FA/MFA options (especially banks!), the better.
And, yeah, sorry it's an old thread.