I’ve been going through updating all of my accounts (passwords, 2FA, etc.), and I’ve noticed that there are a lot of sites that don’t offer any form of MFA.
I can understand smaller services that might not have the bandwidth, but surely larger organisations are able to get this setup?
The larger the organization, the larger their resources, but also usually the greater their complexity and legacy burdens. Large organizations also move slowly. All of this can delay things long after we might think they ought to have happened.