Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
ADTJ@feddit.uk 10 months ago
What should it do? It should ask you to confirm the login with a configured 2FA
capital@lemmy.world 10 months ago
Yeah they offered that. I don’t think anyone with it turned on was compromised.
rainerloeten@lemmy.world 10 months ago
This shouldn’t be “offered” IMHO, this should be mandatory. Yes, people are very ignorant about cyber security (I’ve studied in this field, trust me, I know). But the answer isn’t to put the responsibility on the user! It is to design products and services which are secure by design.
If someone is actually able to crack accounts via brute-forcing common passwords, you did not design a secure service/product.
Eezyville@sh.itjust.works 10 months ago
I’ve noticed that many users in this thread are just angry that the average person doesn’t take cybersecurity seriously. Blaming the user for using a weak password. I really don’t understand how out of touch these Lemmy users are. The average person is not thinking of cybersecurity. They just want to be able to log into their account and want a password to remember. Most people out there are not techies, don’t really use a computer outside of office work, and even more people only use a smartphone. It’s on the company to protect user data because the company knows its value and will suffer from a breach.
BetaSalmon@lemmy.world 10 months ago
How should the company be protecting user data, when - like you said - the average person doesn’t take cybersecurity seriously, are not techies, don’t use a computer outside the office, and just want to log into their account with a password they remember?
Are you basically just saying the company should’ve enforced 2FA? Or maybe one of those “confirm you’re logging in” emails, every time they want to log in?
rainerloeten@lemmy.world 10 months ago
That’s exactly right. I was about to say how people usually don’t even “not take it seriously” but rather don’t even think or know about it. But you already said that yourself haha :D
capital@lemmy.world 10 months ago
Fuck mandatory 2FA. Most sites just throw SMS on there and leave it at that. I’m so tired of putting yet more of my information into services that don’t require it.
If TOTP was more prevalent (getting there) I might agree but then we’d be talking about how the typical user doesn’t know how to set that up.
sudneo@lemmy.world 10 months ago
Companies pay for SMS, TOTP is free for them (just a computation…). It is utterly dumb to implement the same logic with a paid service rather than TOTP (or security keys, at this point). So yeah, I agree with the idea, but I think nowadays most 2FA is TOTPs (sadly, some require their shitty apps to do just that - Blizzard once was one of them, maybe still is).
kattenluik@feddit.nl 10 months ago
2FA should be forced, it’s not a hard thing to do.
postmateDumbass@lemmy.world 10 months ago
Too bad biometric data couldn’t be used…