Just as traditional login credentials were somewhat reliable before MFA became vital, do you think at some point MFA as we know it would not be enough to secure an application user? If yes, can you think of what the next layer of user authentication mechanism would look like?
While developing haveibeenpwned, did the thought ever cross your mind that this could be used as a counterproductive tool, i.e. used in a social engineering attack, obtaining information that could be used for leverage on a person who may be up to no good and forcing them to pay a ransom to keep the data safe, such as having accounts they shouldn't have on gambling or dating sites?
What advice would you give to companies like Edgescan to try to encourage other organisations to improve their policies around credentials? Should all developers be looking to hook into the haveibeenpwned API?
Can a better experience while using MFA (multi-factor authentication) be created, especially for non-tech-savvy individuals?
Big thanks to Troy for being so generous with his time and to the Edgescan team for coming up with the questions.
Marketing Executive of Edgescan