U2F for Puri.sm


#1

Hi,

I thought about making my webaccounts more secure.
But most companies/websites don’t over second factor authentification (for example U2F or TOTP).
Even puri.sm sites don’t over it as far I know.
Most sites just use a username and password.

Is there any special reason for this?
Is it just a lack of personal resources?

Kind regards


#2

It’s mostly a matter of UI friction. Sites don’t want to introduce more complexity without good reason. Most banks, email services, Social Security, IRS, and Medicare, among others have two factor authentication now. Does it really matter if your 4chan identity is stolen?
OAuth may be an option and Steve Gibson has published SQRL protocol for secure password-less login (please, no Gibson flame wars). So keep your ears open for news of new ways to login that are more secure than passwords.


#3

Regarding does it matter:
In webshops normally a whole delivery address is stored.

But even for all other accounts I would be interessted to use a good second factor and reduce the complexity of my passwords. (easier to remember and type)