Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/tychotithonus/statuses/114020426883534901">Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 18-Feb-2025 03:55:22 JST</a><a href="https://infosec.exchange/@tychotithonus" title="tychotithonus@infosec.exchange"><img src="https://gnusocial.jp/avatar/92920-48-20240902162501.webp" width="48" height="48" alt="Royce Williams" style="position: absolute; left: 0; top: 0;">Royce Williams</a></section><article><p>Delta Airlines recently announced that they added MFA, to both their site and their app. <br>👍 </p><p>But the only options are ones that require connectivity (SMS, email, push). <br>👎 </p><p>I have zero interest in making managing my travel ... dependent on whether various networks are up.</p><p>If security people can immediately think of common threat models that make them want to avoid your MFA entirely, due to core aspects of your business offering ... some stakeholders were missing (or overridden) in those meetings.</p><p><a href="https://infosec.exchange/tags/MFA" rel="tag">#MFA</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4582579#notice-8971227">In conversation</a><time datetime="2025-02-18T03:55:22+09:00" title="Tuesday, 18-Feb-2025 03:55:22 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@tychotithonus/114020426883534901" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@tychotithonus/114020426883534901">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4154998">Delta website MFA config area, showing:Push Notification, Text, Email</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 18-Feb-2025 03:55:22 JST Royce Williams
Delta Airlines recently announced that they added MFA, to both their site and their app.
👍
But the only options are ones that require connectivity (SMS, email, push).
👎
I have zero interest in making managing my travel ... dependent on whether various networks are up.
If security people can immediately think of common threat models that make them want to avoid your MFA entirely, due to core aspects of your business offering ... some stakeholders were missing (or overridden) in those meetings.
#MFA
In conversationabout 3 months ago from infosec.exchangepermalink
Attachments
1. Delta website MFA config area, showing: Push Notification, Text, Email
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png

Public

Embed Notice

HTML Code

Corresponding Notice