Is 2 factor authentication enough?
The value of a second factor when it comes to authentication has been widely discussed, here and across the media. A second factor when authenticating gives the user a second level of protection, which might be enough to stop many of the basic hacks sites and organizations have fallen victim to, where all that was needed to access a system was a valid set of user credentials.
A chat room service called Slack got hacked this week, and in response, added 2 factor authentication. But that's not all they did - they also added a "password kill switch feature" which allows an administrator to kick out groups of users and require a password reset. Balancing user experience and security has also been discussed at length here, but Slack adding this feature suggests that security isn't always losing to ease of use anymore. The difference here is that an administrator would use this feature when they suspect that some thing might be amiss, showing that a heightened awareness of security and potential security risks is part of the response. This is different some simply adding complexity to password requirements or even by requiring a second factor, which effects all users. Slack's decision to add security that is responsive is a step beyond requiring 2 factor, in the right direction