Well, its importance is IMO overblown. MFA as it’s usually implemented:
sms
email
TOTP
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
Oh I would not trust software from a developer who does not understand the importance of MFA.
I mean, there’s probably nothing wrong with it, but that’s such a basic security issue that I would have zero faith they built the rest right.
Well, its importance is IMO overblown. MFA as it’s usually implemented:
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
Granted the forms of mfa available without a hardware key are far from perfect. But they are better then no extra authentication method.
A good plan violently executed now is better than a perfect plan executed next week