• pivot_root@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    3 days ago

    A cynical thought: what if it’s actually less risky to make 2FA someone else’s fault when it fails, rather than worry about ever having to be held accountable for an insecure implementation they created.

    • DahGangalang@infosec.pub
      link
      fedilink
      arrow-up
      3
      ·
      3 days ago

      Thats a good point.

      I expect the courts would uphold that flavor of argument too (at least in the U.S.; I expect the same in other countries, but don’t feel comfortable speaking for systems I’m not at all familiar with).