> Honestly, we can't let basic security turn into an arms race.
Are you implying that expecting an organization that manages critical infrastructure turning on 2FA and setting secure passwords is an arms race? Hell, if I was a local coffee shop, I'd still expect my employees to use 2FA and a password manager to log into company computer systems.
Are you implying that expecting an organization that manages critical infrastructure turning on 2FA and setting secure passwords is an arms race? Hell, if I was a local coffee shop, I'd still expect my employees to use 2FA and a password manager to log into company computer systems.