That's not how 2FA works | Terence Eden

A succinct and to-the-point teardown of why 2FA (two-factor authentication) is beneficial for user verification by businesses, but terrible for preventing things like phishing attacks (because the fake site can simply make the valid requests on your behalf). In other words:

There is almost nothing you can do to authenticate that a site is legitimate.

Though, Terence does give one interesting suggestion: password managers. Already pretty much an industry-standard best practice for account protection, they make a valid point here that it also works as a filter for "approved" URLs. If your password manager only suggests auto-fill based on URL, it works as a sanity check for phishing sites too.

Explore Other Notes

Newer

The mistakes of CSS

It's fun to see which technical decisions the CSS working group officially consider "mistakes" 😂 I agree with most, though not sure how I feel about the counter-clockwise […]

Older

Marching up the wrong tree

A fascinating quote about Rudolph Zallinger's iconic (and problematic) March of Progress representation of hominin evolution. Once again, it feels like ignoring the experts has caused […]
  • A succinct and to-the-point teardown of why 2FA (two-factor authentication) is beneficial for user verification by businesses, but terrible for preventing things like phishing attacks […]
  • Murray Adcock.
Journal permalink

Made By Me, But Made Possible By:

CMS:

Build: Gatsby

Deployment: GitHub

Hosting: Netlify

Connect With Me:

Twitter Twitter

Instagram Instragram

500px 500px

GitHub GitHub

Keep Up To Date:

All Posts RSS feed.

Articles RSS feed.

Journal RSS feed.

Notes RSS feed.