Hacker News
by derefr 4374 days ago
I would think that, if you have a big fraud-detection engine like PayPal's in place, 2FA isn't so much an enforced requirement for login, as it is a big fraud-signal when the user chooses to circumnavigate it.

Like any other fraud-signal, though, it can be countered with enough evidence that you are who you say you are--with security questions at a weak level (maybe enough to counter a 2FA token that was only set up a few days ago), or with demands for scanned photo ID at a higher level (if you use 2FA all the time.)

1 comments

If there is no legitimate reason to circumnavigate 2FA, i.e. the S/N of detecting fraud by detecting circumnavigation is 1.0, why not just automate the anti-fraud enforcement and make the circumnavigation impossible?