Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch

<- View Parent
serial_crusher@lemmy.basedcount.com ⁨10⁩ ⁨months⁩ ago

Is there a standards body web developers should rely on, which suggests requiring MFA for every account? OWASP, for example, only recommends requiring it for administrative users, but for giving regular users the option without requiring it.

There’s some positives to requiring MFA for all users, but like any decision there’s trade offs. How can we throw 23andme under the bus when they were compliant with industry best practices?

source
Sort:hotnewtop