• asdfasdfasdf@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Number 2 isn’t true. I could choose a super strong password, but if the company chose to roll their own security and the dev chose to store user passwords in plain text, then their database is hacked, my password is out in the open. This happens all the time, even with huge tech companies.

    That cannot happen with MFA since the password never leaves your hardware key.