This is a misunderstanding. You can’t possibly know if there’s been a benefit, because you wouldn’t know unless your account was compromised. The mere presence of 2fa on an account will stop credential stuffing attacks dead in their tracks.
It’s like saying “this lock on my door is pointless because nobody has broken into my house”.
No it would be more like having the key to my house, but after I use the key I can’t get in and have to wait for a text and verification email before my door opens
The clunky user experience in the analogy isn’t wrong but is focused on the wrong thing, having locks is already an annoying user experience.
Having to carry keys everywhere and juggle shopping when opening my door sucks. It would suck more if someone entered my house and stole my stuff so I accept the trade off.
It’s the same with MFA. We all accept a worse user experience for significantly improved security.
It’s been nothing but a headache for me with no benefit
This is a misunderstanding. You can’t possibly know if there’s been a benefit, because you wouldn’t know unless your account was compromised. The mere presence of 2fa on an account will stop credential stuffing attacks dead in their tracks.
It’s like saying “this lock on my door is pointless because nobody has broken into my house”.
No it would be more like having the key to my house, but after I use the key I can’t get in and have to wait for a text and verification email before my door opens
The clunky user experience in the analogy isn’t wrong but is focused on the wrong thing, having locks is already an annoying user experience.
Having to carry keys everywhere and juggle shopping when opening my door sucks. It would suck more if someone entered my house and stole my stuff so I accept the trade off.
It’s the same with MFA. We all accept a worse user experience for significantly improved security.
Ok. Why don’t you try explaining how digital security works to the security professional some more. I’m sure you’ll convince me real soon 😜