re: Evernote Breach: What It Means To Enterprise IT
Great thoughts here Jonathan. The Blizzard approach is pretty interesting. I have to say that it's hard to believe that a lot of consumer facing companies don't offer the same thing. For example, I'd opt-in if my bank (a pretty big bank) allowed me the option of a hardware token for online banking (my friends who live in Europe have them, but I'm told they're culturally to inconvenient for Americans).
It has been a while since I brushed up on my token expertise -- but I'm trying to figure out why, for example, RSA can turn this opportunity into a big business. Give me one SecureID token that, as an end-user, I can apply the services of my choosing (my bank, Evernote, etc.).
Finally, in its post-breach messaging, I'm surprised Evernote didn't advise users and customers to be cautious about continued usage of your old Evernote password for other services.