Hacker News new | ask | show | jobs
by cube2222 2890 days ago
That's technically not two factor if you only need to know a password to get access to the one-time code.

It's two passwords, both are something you have to know, there's nothing you need to have or be (sms and biometrics respectively)
1 comments
romwell 2889 days ago
Your comment highlights why phone-based 2FA is not a 2FA.
link
cube2222 2884 days ago
It is, you need to have the phone.

But if you can access the phone content remotely behind a password, then it stops being 2FA.

link