top | item 44820349

(no title)

pandorobo | 6 months ago

Very short, badly written article. It can't even describe phishing correctly... At least label your threat model correctly.

While the premise is correct -- it's easy to complain but the author also provides zero recommendations on what is a better form of MFA.

discuss

donatj|6 months ago

You misread the short article.

It's about email as single factor auth, which has become very trendy of late. You just enter your email address, no password, and the email you a code. Access to your email is the only authentication.

pandorobo|6 months ago

Clearly I didn't misread that. It's literally the very first bullet point?

M95D|6 months ago

But then, email always was the only authentication. On any site, click "forgot password" and promptly they send you a reset password link. Very few sites have a challenge question.

pandorobo|6 months ago

The first bullet point mentions phone number.

- Enter an email address or phone number

Thats not just email, that's also SMS.

Ferret7446|6 months ago

> It's about email as single factor auth, which has become very trendy of late

I must be in the wrong bubble, I have not encountered any site that does this since the 2000s. It was a minor trend around then IIRC.

ipython|6 months ago

The first factor is access to your email. The second factor is…?

wodenokoto|6 months ago

The article is not about multiple factor authentication.

It’s about single factor, password logins, using a one-time-token

max__dev|6 months ago

The article is not about MFA. It is about using email as a single factor.

pandorobo|6 months ago

Thats simple a lie or you didn't read the article.

The very first bullet point states: Enter an email address or phone number

That insinuates email OR SMS.

It doesn't just mention email only.