On Thu, May 12, 2022 at 6:06 PM Ash Joubert <[email protected]> wrote: ...trimmed...
> Two-factor authentication is when you need to confirm your login with an > SMS message or one-time pad or other second way of authenticating that > you are who you claim to be. 2FA is popular because users choose weak > passwords and share them between services. If users generate a unique > strong random password for every service, little is gained with 2FA, and > 2FA is then just a massive pain in the arse. But user behaviour is > unreliable. > In the last couple years many corporate and not-for-profit organizations have implemented 2-factor authentication internally. Even in the physical office many transactions require 2FA interaction. Where I am now that is also the case, and 2FA is configured to prompt with a choice between receiving the 2nd factor by SMS text message, voice call, or email. They're using Pulse 2FA. So your provider can do that too if they want to. But the whole point of 2FA is that there shall be a second response from a previously known location for you: phone number, email address, etc. That's the value added in exchange for Ash's "massive pain in the arse". Just making the 1st factor be a loong password is not equivalent to 2FA in any way. Machine reaching back to you is the difference. ....... > > Kind regards, > > -- > Ash Joubert <[email protected]> > Director > Transient Software Limited <https://transient.nz/> > New Zealand > >
