On 2022-05-16, David Wright <deb...@lionunicorn.co.uk> wrote: >> >> Preventing data breaches are outside the scope of the user, providing >> a high entropy password is not. If accessing a site is of importance >> to him, then, in your plausible scenario, an eight character password >> effectively gives little security. >> >> That is not an argument for 2FA but for a user having a responsible >> password policy to guard agains such breaches. > > Preventing data breaches might be outside my control, but mitigating > their effect might not be. So I like to have 2FA set up as entering
B. purports breaches are outside user control but then with alacrity asserts that the user should guard against them. 2FA is a mitigating factor in this real-world case (and they are *legion*). No rational argument has been presented so far as to why it wouldn't be (all brain-damaged "theories" and ill-formed "ideologies" and ersatz "philosophies" by the usual straw men aside).
