A few weeks ago I received an unsolicited email from the Belgian Center for Cyber Security. It starts with the statement that 80% of cyber attacks could be avoided if 2FA was active and then says literally that If you only use a username and password for your remote logins, you're a sitting duck. This is not true, username and password are no less secure than 2FA. In a way, they are more secure. I know this is controversial, but please bear with me, and I will explain CCB assumptions, my assumpt...