ModuloZero

PC Member
  • Posts: 57

Everything posted by ModuloZero

  1. Yes, everyone's fully aware DE sometimes has weird ideas and in this case just ignores decades of practical security and user habit research, and implements something that just makes it easier to phish people. Because that's why everyone who expects you to log in frequently has a convenience option - be it biometrics for payments or just auto-login, depending on threat profile. They're imperfect, but if you ask constantly, people - even the smart, security-conscious people - start taking shortcuts and paying less attention. That's what 2FA is really for (because the phishing site doesn't know the correct answer, and your answer is useless to them later. With proper 2FA - like YubiKey - the 2nd factor is just useless to the phishing site, period. Password managers also help - because they won't "recognize" the site, which will hopefully stop you long enough that you notice something's off). So the "actually secure" thing to do is to let people play without authenticating again. But if someone wants to trade, or do something equally "impactful" (consume a frame would be an example, to me), then ask for the password and/or the 2FA. That's how you do security when you actually know how people act, instead of acting on pure reason and then being surprised folks keep having their accounts scammed. But also you're right that all I can do here is vent, because if DE were to change, they'd have done that half a decade ago.
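Added example, not part of the post above and not DE's code: a sketch of the step-up pattern the post describes, where a remembered session is enough for ordinary play and only "impactful" actions demand a fresh password and/or 2FA check. The action names, the 300-second window and the `Session`/`authorize` helpers are assumptions made for illustration.

```python
import time

# Hypothetical action names, taken from the post's examples of "impactful" actions.
SENSITIVE_ACTIONS = {"trade", "consume_frame"}
STEP_UP_WINDOW = 300  # seconds a fresh password/2FA check stays valid (assumed)


class Session:
    """Long-lived login session with a separate, short-lived step-up marker."""

    def __init__(self, user, now=None):
        self.user = user
        self.created = now if now is not None else time.time()
        self.step_up_at = None  # time of the last successful re-authentication

    def record_step_up(self, verified, now=None):
        """Call after the password and/or 2FA check; `verified` is its result."""
        if verified:
            self.step_up_at = now if now is not None else time.time()
        return verified


def authorize(session, action, now=None):
    """Return 'allow' or 'step_up_required' for an action in this session."""
    now = now if now is not None else time.time()
    if action not in SENSITIVE_ACTIONS:
        return "allow"  # ordinary play: the remembered session is enough
    fresh = (session.step_up_at is not None
             and 0 <= now - session.step_up_at <= STEP_UP_WINDOW)
    return "allow" if fresh else "step_up_required"


def demo():
    """Constructed timeline: play, trade, failed 2FA, good 2FA, expiry."""
    s = Session("player", now=1000)
    out = [authorize(s, "play_mission", now=1010),
           authorize(s, "trade", now=1020)]
    s.record_step_up(verified=False, now=1025)   # failed check changes nothing
    out.append(authorize(s, "trade", now=1030))
    s.record_step_up(verified=True, now=1040)
    out.append(authorize(s, "trade", now=1100))          # inside the window
    out.append(authorize(s, "consume_frame", now=1400))  # window expired
    return out


if __name__ == "__main__":
    print(demo())
```

Because the credential prompt appears only at the sensitive action, a login-style prompt at any other moment is itself an anomaly the player can notice.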