smw 5 days ago

"2) mandatory 2FA (with the option for things like passkeys with hardware tokens)."

No, with the _requirement_ for passkeys or hardware tokens!

0xbadcafebee 5 days ago

They don't work everywhere, and when they do work they're not a panacea. It's like host-based security: if you get past this one barrier... what, everything is completely pwnd? You need defense in depth. That means the authentication factor(s) must not be the final word in security. So not using a passkey or hardware token shouldn't be a death knell.