Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • capital@lemmy.world
    9 months ago

    The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers

    Turns out, it is.

    What should a website do when you present it with correct credentials?

    • ADTJ@feddit.uk
      9 months ago

      What should it do? It should ask you to confirm the login with a configured 2FA

      • capital@lemmy.world
        9 months ago

        Yeah they offered that. I don’t think anyone with it turned on was compromised.

        • pflanzenregal@lemmy.world
          9 months ago

          This shouldn’t be “offered” IMHO, this should be mandatory. Yes, people are very ignorant about cyber security (I’ve studied in this field, trust me, I know). But the answer isn’t to put the responsibility on the user! It is to design products and services which are secure by design.

          If someone is actually able to crack accounts via brute-forcing common passwords, you did not design a secure service/product.

          [Edit: spelling]

          • Eezyville@sh.itjust.worksOP
            9 months ago

            I’ve noticed that many users in this thread are just angry that the average person doesn’t take cybersecurity seriously. Blaming the user for using a weak password. I really don’t understand how out of touch these Lemmy users are. The average person is not thinking of cybersecurity. They just want to be able to log into their account and want a password to remember. Most people out there are not techies, don’t really use a computer outside of office work, and even more people only use a smartphone. It’s on the company to protect user data because the company knows its value and will suffer from a breach.