|
|
|
|
|
|
by rsync
504 days ago
|
|
|
Email can be a perfectly good second authentication factor. It depends on the asset you’re protecting and your threat model. I have quite a few accounts whose value does not cross a threshold where I care about the risks of email… and my workflows would be enhanced dramatically if I could use it as a second factor. The reason I can’t is not because of security or anything at all to benefit me, the user. It is because the services themselves need to throw sand in the gears of the bad actors abusing their services. |
|
|