Good Primer on Two-Factor Authentication Security
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication.
While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system.
Thoth • August 22, 2018 6:14 AM
MFA is used to supplement a weak 1st level authenticator. A weak supplementary authenticator does no good for an MFA scheme.
One good example of a bad 2nd FA is SMS OTP, which many enterprises still insist on using even though the recent Reddit incident shows that SMS 2FA is not a good idea anymore, and @Clive Robinson had warned of SMS 2FA problems long before the Reddit incident.
If the 1st FA is strong, there is no need for another source of supplementary authentication.
The usual sales via “Compliance” like GDPA, PDPA and whatever privacy regulations are for sales. Structuring a proper defense in depth must go beyond this marketing hype backed by some blind compliance.