[hombre_fatal]

Only if 2FA doesn't open up customer support channels that defeat the point of 2FA, like the common "oops I lost my phone lol" channel attack that gives you access to an account if you can provide the other factor.

(Still) works against Amazon btw: https://medium.com/@espringe/amazon-s-customer-service-backd...

I'd say 2FA is often worse than 1FA because customer support systems are rarely prepared to say "sorry, can't give you access to your account :/". Because 99.9% of the time, it really is a user accidentally locked out of their account.

[tsimionescu]

That has nothing to do with 2FA, has it? Having a recovery procedure that escalates up tp direct phone contact is the norm with or without 2FA. This system is probably older than the Internet, with banks operating on similar principles (of course, it escalates up to physical presence there).

[closeparen]

If the recovery procedure requires only one factor, then “2FA” is a lie.