On Fri 13 May 2022 at 20:01:20 +0200, Kamil Jońca wrote: > Brian <a...@cityscape.co.uk> writes: > > > On Fri 13 May 2022 at 08:42:21 -0400, Michael Stone wrote: > > > >> On Fri, May 13, 2022 at 07:16:11AM +0200, to...@tuxteam.de wrote: > >> > A loong password is not "equivalent" to 2FA, that's right. Good > >> > password management (of which length is but a part) is as secure > >> > as 2FA. > >> > >> No, it really isn't. > > > > How does a 40 random character, high entropy sound for Google? Good > > enough to go up against 2FA? Avoiding the tedium and inconveniece, > > of course. > > Think about leaks. > Password can be stolen, while with 2fa you have to take control over two > factors.
When was the last time you experienced that or heard of a well-documented case of it happening? I do not even know what my passwords are. Nothing to be stolen! Your claim is a good example of "frighten the user into doing what we want". -- Brian.
