Title: 2FA for every site on the Internet?
- This site totally misses the point. I think
Walmart should be congratulated for not rolling
out 2FA. A tightly bundled solution that just
solves two factor authentication for their
website (which I almost never visit) or in their
stores (which I am almost never in), is
fantastic. Nice work Walmart!!!
- The list I'd like to see is which websites enable
me to specify where I want to be authenticated,
and hopefully with what mechanism. I can choose a
domain for my website and email. Why shouldn't I
be allowed to choose how and where I
authenticate?
- For many people this domain would be Google.com
or Facebook.com. We already have social creds, so
in many cases these are a good choice. In other
cases, I might want to use my work email to
identify my home domain. For example, if I am
using a SaaS business application, my work might
even be paying for it, so it makes sense that
they'd want to control access.
- The problem is that in the past, it wasn't clear
what standard websites should adopt to enable
distributed authentication. Finally, the answer
is clear: OpenID Connect. This standard has the
backing of Microsoft, Google, enterprise security
vendors, and already has tons of open source
implementations and libraries like the OX OpenID
Connect Provider.
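
The "choose where I authenticate" model described above maps onto OpenID Connect Discovery: the website asks the user's home domain, over WebFinger, which issuer authenticates that user, then checks the provider metadata it fetches from that issuer. The sketch below is an added example, not code from the original post or from OX; the domain work.example, the issuer https://idp.work.example and both sample responses are constructed, and no network request is made.

```python
import json
from urllib.parse import urlencode, urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed sample responses (not captured from a real provider).
SAMPLE_JRD = json.dumps({"subject": "acct:joe@work.example", "links": [
    {"rel": ISSUER_REL, "href": "https://idp.work.example"}]})
SAMPLE_CONFIG = json.dumps({
    "issuer": "https://idp.work.example",
    "authorization_endpoint": "https://idp.work.example/authorize"})

def webfinger_url(identifier):
    """WebFinger request that asks the user's home domain for its issuer."""
    user, sep, host = identifier.strip().rpartition("@")
    if not (sep and user and host) or set(host) & set("/?#\\"):
        raise ValueError("expected an identifier of the form user@host")
    host = host.lower()
    query = urlencode({"resource": f"acct:{user}@{host}", "rel": ISSUER_REL})
    return f"https://{host}/.well-known/webfinger?{query}"

def issuer_from_jrd(jrd_text):
    """Return the advertised issuer; it must be https with no query/fragment."""
    for link in json.loads(jrd_text).get("links", []):
        if link.get("rel") == ISSUER_REL:
            issuer = link.get("href", "")
            parts = urlsplit(issuer)
            if parts.scheme != "https" or not parts.netloc \
                    or parts.query or parts.fragment:
                raise ValueError(f"unacceptable issuer: {issuer!r}")
            return issuer
    raise ValueError("home domain advertises no OpenID Connect issuer")

def config_url(issuer):
    """Provider metadata location for a discovered issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_config(issuer, config_text):
    """Reject metadata whose issuer is not exactly the one discovered."""
    config = json.loads(config_text)
    if config.get("issuer") != issuer:
        raise ValueError("issuer mismatch in provider metadata")
    return config

if __name__ == "__main__":
    print(webfinger_url("joe@Work.Example"))
    issuer = issuer_from_jrd(SAMPLE_JRD)
    print(config_url(issuer))
    print(check_config(issuer, SAMPLE_CONFIG)["authorization_endpoint"])
```

The exact-match issuer check is what stops a home domain's metadata from pointing the website at endpoints that belong to a different provider.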
If the authors of had actually done their
research, they would have discovered that the
main reason websites don't use two-factor is
deployment issues. A large enterprise like
Walmart needs to identify people who are acting
as its employees, customers, and partners. The IT
infrastructure is comprised of numerous web
services, both internal and third party. Tightly
bundling one type of authentication to one
application does not really address the security
concern. Ironically, increasing security is an
inconvenience to the customer. The best usability
is not authenticating me at all. We should
congratulate the websites who use authentication
intelligently to mitigate the risk of network
security. We should not be congratulating
knee-jerk adoption of technology that doesn't
enhance usability or security for their site or
for the Internet in general.
Article resource:
http://thegluuserver.wordpress.com/2014/05/16/how-to-benchmark-ox-for-a-large-scale-deployment/