General Discussion
In reply to the discussion: Wow, the cloud is the worst idea in tech history [View all]Xithras
(16,191 posts)I regularly develop software for clients running on cloud platforms like Azure or AWS, and they all use multifactor authentication that is nearly unbreakable. You can't brute force multifactor, so the only way to infiltrate them is to find a direct exploit, which makes the cloud platforms no more or less dangerous than using a local datacenter.
The real problem is that consumer grade applications don't use multifactor because consumers generally don't know what it is, and instead rely on primitive username/password singlefactor authentication models that can be brute forced or cracked by anyone with a bit of time and resources. The username/password model is inherently and irreparably insecure, and yet nearly all consumer web and cloud applications still depend on them. Until we can move past the password, we'll never really make cloud storage safe.