> we need ideas like 2FA to gain traction as widely as possible
No, 2FA needs to die in a fire. Easily circumvented in most social attacks that actually matter, false sense of security, massive timewaster/usability-hell/pain in the butt, acts as a novel social/corporate/accessibility barrier to technology for a large number of previously unaffected groups, and poses a threat to software freedoms.
There are many ways to strengthen security and this has got to be the shittiest one.
Get rid of software that doesn't have to be an online service, for one. This cuts 90% of incidents.
Then, all the "common sense" stuff: encourage use of password managers to discourage password re-use, having actual humans providing actual customer support when suspicious activity is flagged, companies educating about safe practices like banks do now (e.g. always call back to a trusted number), spam prevention at the ISP level, SSO authentication, VPN ...
At the very least there must be better ways to do two-factor authentication than what is the standard default.
And to top it all off, on many services, if you can't get all that to work, all you need is your "memorable word". *facepalm*