by spiffytech
1343 days ago
An email-based password+2FA reset loop is an option. The major motivator for 2FA is preventing replay of captured credentials for your own app, leaving out-of-band authentication permissible. Just hope the user didn't use the same password for your app and their email. You could also try human-in-the-loop authentication by having the user describe their account contents to customer support. However, that's notorious for allowing account takeovers because people are always the weak point in security.