• hessenjunge@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 hours ago

    Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.

    That’ll surely end their business. /s

    I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

    Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?

    Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?

    Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can’t easily be compromised to ripp off stupid people?*

    * Let’s just assume that you, the lead developer, are not at all “incompetent”, quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).