I agree with everything you've said. One thing that would go a long way to securing accounts would be legislation requiring all government services, banks, and credit unions to implement authenticator-based 2FA. At a minimum.
Those institutions are already very heavily regulated (at least here in Canada), so one more regulation would be meaningless.
With that in place, it would be trivial for everyone else to follow suit, since they'd know that approximately everyone has a second factor and knows how to use it.
Good for you in adding to your testing template. Security is a journey, not a destination, so keeping things up to date is important.
I agree with everything you've said. One thing that would go a long way to securing accounts would be legislation requiring all government services, banks, and credit unions to implement authenticator-based 2FA. At a minimum.
Those institutions are already very heavily regulated (at least here in Canada), so one more regulation would be meaningless.
With that in place, it would be trivial for everyone else to follow suit, since they'd know that approximately everyone has a second factor and knows how to use it.
Good for you in adding to your testing template. Security is a journey, not a destination, so keeping things up to date is important.