On Thu, Apr 29, 2021 at 01:53:48PM +0100, Eric S Fraga wrote: > On Thursday, 29 Apr 2021 at 14:38, tomas@tuxteam.de wrote: > > On Thu, Apr 29, 2021 at 01:27:07PM +0100, Eric S Fraga wrote: > >> 2. txt message to your phone (so need not be "smart") > > > > You know those can be (and have been) hi-jacked, don't you? > > Yeah. :-( > > What really gets me is the hypocrisy of the whole situation. I've been > pushing to have people use public key encryption but they insist on > sending emails with confidential information in plain text. Oh, "MFA > will make everything secure"... Yes, but 2FA is just about getting the human factor out of the loop. Put yourself into Google's or Facebook's shoes. All those users who forget their passwords (or even worse, come up with easily guessable ones, or use the same password across several services, yadda, yadda). This is just support burden which diminishes margin. Now there would be two ways out of that: educate your users or keep them dumb and take them out of the loop. Which one aligns better with their business plan? After all, for them "users" are turnips, potatos or cattle: the product, not the customer. > > I'm not very much into conspiracy theories [...] > Everybody needs to be in those walled gardens: Facebook, et al. :-( That's why I think that they /at least/ "let it happen happily". Nudging it here and there would make even more sense, strategically. Not poison the well to sell bottled water, but perhaps sliding something disgusting in there, from time to time. Cheers - t
Attachment:
signature.asc
Description: Digital signature