by arubania2 1459 days ago
That is also true for every password-based account without 2FA by means of password reset.

Plus, having someone access your email account means you're pwned anyway - they can see your sensitive documents that were received / sent as attachments, they can read recent conversations and phish information, maybe even ask for a down payment, etc.

So the basic rule should be: don't lose access to your email.

That doesn't mean that email-based login is good, just that IMO this point is kind of moot.

Also, do email-based login flows allow 2FA?

2 comments

Yes, you're very pwned if somebody has access to your email account. But less pwned than if they can also access all your other accounts directly at the same time =)

Of course, combining email-based login with another factor makes it more secure again, I was just talking about one factor.

Agree with this. I don't see why you cannot add 2FA to email-based login flows.