Unpopular Opinion
Welcome to the Unpopular Opinion community!
How voting works:
Vote the opposite of the norm.
If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.
Guidelines:
Tag your post, if possible (not required)
- If your post is a "General" unpopular opinion, start the subject with [GENERAL].
- If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].
Rules:
1. NO POLITICS
Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.
2. Be civil.
Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Shitposts and memes are allowed but...
Only until they prove to be a problem. They can and will be removed at moderator discretion.
5. No trolling.
This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.
6. Defend your opinion
This is a bit of a mix of rules 4 and 5 to help foster higher quality posts. You are expected to defend your unpopular opinion in the post body. We don't expect a whole manifesto (please, no manifestos), but you should at least provide some details as to why you hold the position you do.
Instance-wide rules always apply. https://legal.lemmy.world/tos/
view the rest of the comments
Multi Factor Authentication (MFA) : using multiple authentication factors to validate a user is who they say they are and grant access
Auth factors:
Something you know: is in your head. Password, PIN, etc
Something you have: credit card, hardware token (yubikey, mag stripe, etc), software token (auth, MS authenticator, etc)
Something you are: biometrics.
Somewhere you are: location based (IP, geo location, geo fence, etc)
Any one method is vulnerable to compromise. By using two separate FACTORS (aka MFA) you vastly reduce risk that you will be compromised.
Using a password and PIN is NOT MFA because they're both the same auth factor.
Using just a token is NOT MFA because it's only one auth factor.
I get that only using a token isn't MFA. I'm just questioning why MFA is a thing if the major issue is really bad password security.
Bad password security is a human problem (can be back end bad practices also, but mostly human) whereas only using one auth factor is a security design problem. Again, MFA bad, single auth not good (but sometimes sufficient)
Also many people aren't comfortable with auth apps yet and way less are comfortable with hardware tokens.
Passwords, while often implemented poorly by humans, aren't something you can easily LOSE like your phone or a set of keys.
Many logins don't really need very good security, like who cares if my lemmy login gets compromised I don't want MFA here. Some might, I don't. I still use a password manager but still, just a password is fine.
I dropped a credit union because they don't allow MFA for online banking at ALL however, which is outrageous in 2025.