Hi,
I really do enjoy reading your regular newsletters. I’m a hardware professional in the ICT industry but not a security specialist as such. I don’t login here much but when I do it still bothers me that there’s no 2FA facility on my account. Of course, I do have a unique password here that I don’t use anywhere else. but not having some form of 2FA (or MFA as some like to call it) does give me the shivers with my login credential security anywhere on the net.
As for passwordless accounts, no thanks. I’ve tried these a few times and so far they’re messed up big time (maybe they work in the lab?). I could go on as to why, but let me give an example. They only work for me if I have the one machine and never log in from any other device or location and my machine never needs replacement. For example, from my windows 11 machine I tried to set up an online account as passwordless and have my 1Password vault manage the account, but nope, Windows 11 stole the token out from under it. I tried to redo it, but nope, it says it’s already set up on windows. Clearly, I can’t take my windows machine with me everywhere and why would I want to give my security info to a company who might want to store it in their customer’s data-mined cloud if that’s what they’re doing with it (oh yes, I’ve disabled OneDrive on my PC, but that’s another story)? And what recovery choices do I have if the passwordless vendor goes blackout? No thanks. Usually with 2FA I can set up multiple recovery choices like 1Password and Yubikey and these just work everywhere I want to be on whatever device I want to use (I do keep a spare Yubikey in a fireproof locked physical security safe). But anyway, as I said, I’m not a security expert.
Anyway, back to my wish list, please add some form of 2FA/MFA to askwoody accounts, perhaps optional for those who care. I would thank you. I really woody would.
