Well, its importance is IMO overblown. MFA as it’s usually implemented:
sms
email
TOTP
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
Well, its importance is IMO overblown. MFA as it’s usually implemented:
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
Granted the forms of mfa available without a hardware key are far from perfect. But they are better then no extra authentication method.
A good plan violently executed now is better than a perfect plan executed next week