Delta website MFA config area, showing: Push Notification, Text, Email
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png
Notices where this attachment appears
-
Embed this notice
Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 18-Feb-2025 03:55:22 JST 
Royce Williams
Delta Airlines recently announced that they added MFA, to both their site and their app.
👍But the only options are ones that require connectivity (SMS, email, push).
👎I have zero interest in making managing my travel ... dependent on whether various networks are up.
If security people can immediately think of common threat models that make them want to avoid your MFA entirely, due to core aspects of your business offering ... some stakeholders were missing (or overridden) in those meetings.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.