by hunter2_
13 days ago
I can imagine an evolution like:

1. Introduce passwords
2. Introduce email-based reset flow
3. Introduce 2FA (optional)
4. Someone says "take the password reset flow, trigger it automatically when a user tries to log in and has only given their email, hide the password field during login, and after the email is validated drop the user back to their previous journey instead of having them set a new password"
5. You see #4 as #3 failing, but when #3 was never applied it's not quite that.

Aside: making #3 mandatory would be smart.