Phishing Users with MFA on AWS

That was more a rhetorical question than something I was actually looking for an answer to.

I was trying to draw attention to the fact that having a protocol that solves the problem doesn’t help very much if it’s not getting implemented. I actually bought a yubikey a while back, because I wanted to be more security conscious, but I quickly ran into problems with most sites either not supporting it at all or supporting it so poorly that it defeated most of the purpose, even before you get into issues with browser compatibility. I eventually gave up and pretty much only use it for Last Pass.


Leave a Reply