Christopher Neumann Ruud Good two-factor solutions supports “hard copy” once off keys and/or physical crypto keys (FIDO U2F)- so that lost or destroyed phones doesn’t put you into trouble. Not sure what Apple supports?
Lars Fosdal probably. Also rumors source access was achieved, so bad or flawed implementation would be far easier to locate. I’m not sure if either of these have been confirmed yet.
It is a mystery how Yahoo can expose 1 billion accounts when they probably have less than half a billion active users.
Mark Bothwell Probably in the same way that Google+ has around 3 billion accounts, but only around 300 million active users. “Only”…
Christopher Neumann Ruud Good two-factor solutions supports “hard copy” once off keys and/or physical crypto keys (FIDO U2F)- so that lost or destroyed phones doesn’t put you into trouble. Not sure what Apple supports?
I’m trying to think what that gets them access to.
If this was cookie forging as suggested it doesn’t matter if you have 2 factor, or 3 factor.
John Stimmel That would indicate that their cookie design was really bad.
Lars Fosdal probably. Also rumors source access was achieved, so bad or flawed implementation would be far easier to locate. I’m not sure if either of these have been confirmed yet.