Honestly, I think not having MFA required for any account anywhere ever is bad practice. As others have mentioned MFA is something you know, something you own, something that’s you, and somewhere you are. Password or pin, phone or digital key, biometric like a fingerprint or face, geolocation or IP address. Having more than one of these things makes getting into your account harder. If you only need a password, then that’s all someone needs to figure out to get into your account, same with all the other examples. I feel like it’s pretty straight forward, but I tried my best to explain why we do need both…
If you run a server with thousands of users interacting with each other and someone gains access to all their accounts, what’s the harm? I don’t care if someone gets access to what I have access to through the account on x website, so it doesn’t matter right? Well what if real user accounts were used as bots to push propaganda or silence a competitor, damaging the community you’re hosting on your server, or posting bad reviews on products, etc. you lose trust in that community or website.
Idk, to me, there is a bigger picture that requiring secure accounts produces, and I think it helps me have more trust in the website I’m joining and want to be part of. It’s just about helping ensure genuine interactions, it’d be nice if it was guaranteed, but it at least helps me feel assured.
tldr;
MFA is important for securing the things inside of an account, but it’s also important for creating confidence and trust in who or what you’re interacting with on a website.
Honestly, I think not having MFA required for any account anywhere ever is bad practice. As others have mentioned MFA is something you know, something you own, something that’s you, and somewhere you are. Password or pin, phone or digital key, biometric like a fingerprint or face, geolocation or IP address. Having more than one of these things makes getting into your account harder. If you only need a password, then that’s all someone needs to figure out to get into your account, same with all the other examples. I feel like it’s pretty straight forward, but I tried my best to explain why we do need both…
If you run a server with thousands of users interacting with each other and someone gains access to all their accounts, what’s the harm? I don’t care if someone gets access to what I have access to through the account on x website, so it doesn’t matter right? Well what if real user accounts were used as bots to push propaganda or silence a competitor, damaging the community you’re hosting on your server, or posting bad reviews on products, etc. you lose trust in that community or website.
Idk, to me, there is a bigger picture that requiring secure accounts produces, and I think it helps me have more trust in the website I’m joining and want to be part of. It’s just about helping ensure genuine interactions, it’d be nice if it was guaranteed, but it at least helps me feel assured.
tldr; MFA is important for securing the things inside of an account, but it’s also important for creating confidence and trust in who or what you’re interacting with on a website.