
Edgescan Questions & Answers with Troy Hunt Part 3

The Edgescan Team Sent Questions to Troy Hunt (Part 3 of 3)

 

 

Troy answers the following questions in this video:

 

  1. Just as traditional login credentials were somewhat reliable before MFA became vital, do you think at some point MFA as we know it would not be enough to secure an application user? If yes, can you think of what the next layer of user authentication mechanism would look like?

  2. While developing haveibeenpwned, did the thought ever cross your mind that this could be used as a counterproductive tool, i.e. used in a social engineering attack, obtaining information that could be used for leverage on a person who may be up to no good and forcing them to pay a ransom to keep the data safe (having accounts they shouldn’t have, etc., on gambling/dating sites)?

  3. What advice would you give to companies like Edgescan to try to encourage other organisations to improve their policies around credentials? Should all developers be looking to hook into the haveibeenpwned API?

  4. Can a better experience while using MFA (multi-factor authentication) be created, especially for non-tech-savvy individuals?

 

Be sure to subscribe to the Edgescan Blog. Watch Part 2 here: /edgescan-questions-answers-with-troy-hunt-part-2/

Big thanks to Troy for being so generous with his time and to the Edgescan team for coming up with the questions.

 

Troy Hunt is behind “Have I Been Pwned” and is a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

 

 

 
