@dplattsf @pjohanneson @thomasfuchs "People get breached" is not a good argument against getting breached.
And speaking of Troy's site, why didn't 23andMe disallow the top 1000 passwords from HIBP or at least rockyou?
Why didn't they disallow tons of requests probing passwords?
Why didn't they require 2FA?
Any of these would likely have prevented this. All of them together would almost certainly have.
Who are you helping here? A company that just made millions of people's genomes public with their indefensible policies?
@dko @thomasfuchs @pjohanneson Same reason your bank is still using SMS for 2FA. People get upset if you force them to do it the right way. And they get outraged if you don’t. This would be the perfect setup for #GWAS on #password and #2fa hygiene