What is the minimum number of things you need access to in order to log in?
pandorobo|6 months ago
The very first bullet point states: Enter an email address or phone number
That insinuates email OR SMS.
It doesn't just mention email only.
max__dev|6 months ago
The authentication factors of a multi-factor authentication scheme may include:
1. Something the user has: Any physical object in the possession of the user, such as a security token (USB stick), a bank card, a key, a phone that can be reached at a certain number, etc.
2. Something the user knows: Certain knowledge only known to the user, such as a password, PIN, PUK, etc.
3. Something the user is: Some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.
Email and phone are both in category one, comprising only one unique factor.
sophiebits|6 months ago
anonymars|6 months ago
If you have access to the phone, you can log in. OR if you have access to the email account, you can log in.
You don't need to know the user's password; you only need access to one of these inboxes and nothing else. One-factor authentication, but worse, because there are multiple attack surfaces.
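The factor-counting argument made in the comments above, as an added example that is not part of the thread: a login policy is modelled as a list of accepted paths (any one path is enough, every credential in a path is required), and the check reports how many distinct factor categories the cheapest path needs. The credential names, the `CATEGORY` mapping and the three sample policies are constructed for illustration.

```python
# Factor category per credential type, using the three categories quoted in the thread.
# Credential names are hypothetical labels chosen for this example.
CATEGORY = {
    "email_inbox": "has",
    "sms_phone": "has",
    "hardware_token": "has",
    "password": "knows",
    "pin": "knows",
    "fingerprint": "is",
}


def analyze(policy):
    """Evaluate a login policy given as a list of accepted paths.

    Each path is a set of credentials that must ALL be presented;
    satisfying ANY single path logs the user in.
    """
    paths = list(dict.fromkeys(frozenset(p) for p in policy))  # de-duplicate
    # A path that strictly contains another path is never the cheapest route in.
    minimal = [p for p in paths if not any(q < p for q in paths)]
    return {
        # Distinct factor categories required by the weakest accepted path.
        "effective_factors": min(len({CATEGORY[c] for c in p}) for p in minimal),
        # Fewest separate things that must be controlled to log in.
        "min_credentials": min(len(p) for p in minimal),
        # Credentials that grant access entirely on their own.
        "single_points_of_compromise": sorted(
            c for p in minimal if len(p) == 1 for c in p
        ),
    }


# Constructed sample policies.
EMAIL_OR_SMS = [{"email_inbox"}, {"sms_phone"}]            # the flow discussed above
EMAIL_AND_SMS = [{"email_inbox", "sms_phone"}]             # two inboxes, still one category
PASSWORD_PLUS_CODE = [{"password", "email_inbox"},
                      {"password", "sms_phone"}]           # knows + has on every path

if __name__ == "__main__":
    for name, policy in [("email OR sms", EMAIL_OR_SMS),
                         ("email AND sms", EMAIL_AND_SMS),
                         ("password AND (email OR sms)", PASSWORD_PLUS_CODE)]:
        print(name, analyze(policy))
```
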
stavros|6 months ago