MFA is a mess, continued
[quote name="Ice Cream Jonsey"]https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

This article doesn't align precisely with my views; it takes as a given that all sites should have MFA. The use case I just encountered about some awful implementations of it was this:

- Flying out of the country, get a Europe SIM card from Three.co.uk.
- Put that in, with the understanding that my old SIM card is out
- Go to use a website and that website wants to send something to my old telephone number

Now I am swapping SIM cards. :/

This part in the article is kind of amazing to me:

[quote]For much of the last five years, the center of the campaign for two-factor has been twofactorauth.org, a site run by Carl Rosengren that’s dedicated to naming and shaming any product that doesn’t offer two-factor. At a glance, it can tell you which sites offer more than just a password login, and offers you an easy way to tweet at companies that don’t. Today, the site sends out hundreds of thousands of shaming tweets a day.

CONSUMERS WANT TWO-FACTOR. IF YOU DON’T OFFER IT, THEY’LL FIND A SERVICE THAT DOES

The campaign seems to have worked; nearly every company now offers some form of two-factor. Netflix is the biggest holdout — “I feel like I should buy a cake or something when that happens,” Rosengren says.[/quote]

MFA for Netflix is stupid. Netflix wants you to share your account. It is frequently used (via the download to device option) on airplanes. If someone got my Netflix credentials they can't do any damage. The only reason we have accounts on Netflix, really, is for billing. Of course I shouldn't need to go get my goddamn phone for Netflix. It bothers me that they are doing the right thing and well-intentioned people that can't think about the real-world implications of this for a second think they are in the wrong.

I'll let "hundreds of shaming tweets" go.

ICJ[/quote]