
2FA in Open Source

While I’m on the security beat… the Linux Foundation looked into the use of two-factor authentication by developers in open source projects. The results… are not good.

Not quite half, 47.55%, didn’t use it at all. Only 32.11% reported that some of their projects do, while just over a fifth, 20.34%, reported all their projects require 2FA.

Why? Lack of decision rather than a choice. They didn’t know it was an option, or it wasn’t considered, or it was thought to be too restrictive to require. “It wasn’t a decision, it was the default.”

Why do we care?

That’s just scary.   

Active decisions versus passive ones. An active decision is one you set out to make. A passive one is one that happens to you. They are both decisions, and you have to manage both. Not making a decision IS a decision.

When addressing security, make sure you are looking for these passive decisions too.

Source: The New Stack