Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Okay, the argument about credential stuffing is fairly weak. 2FA on a given service makes it an ineffective attack against that service. If you have 2FA on all of your services, credential stuffing won't work on any of them, so you're then immume. Moreover, not all services are identical - Email merits two distinct hardware keys, my Steam account warrants an emailed password, my BeerAdvocate account... probably doesn't need anything.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: