Quote:
Originally Posted by BritTim
For people who only use email for casual correspondence, these changes are not especially important. However, where email contains potentially confidential communications, it becomes important to keep accounts secure. 2FA, and especially U2F, are useful tools in assisting to ensure this, as are app/device specific passwords.
|
I'd argue that with the continuing use of email as the recovery option for most internet services, and with the prevalence of phishing scams, some sort of 2FA is worthwhile for all users. Unfortunately it is more complicated and requires some extra vigilance that is difficult for many users, so 2FA is unlikely to be something that we ever mandate. We are going to recommend it wherever possible and keep doing whatever we can to drive adoption