Ben Tasker on Nostr: It's still 1 factor (rather than 0FA). IIRC, Microsoft started that ball rolling with ...
It's still 1 factor (rather than 0FA).
IIRC, Microsoft started that ball rolling with their Passwordless login option (https://blogs.windows.com/windowsexperience/2021/09/15/microsoft-announces-passwordless-future-available-across-microsoft-edge-and-microsoft-365-apps/)
But, I agree, it's really dumb.
I'm not a fan of SMS 2FA at all, but it at least requires you know secrets (my password) too rather than just needing to compromise one (central) component - it's hard not to view it as providers trying to outsource liability for compromise
IIRC, Microsoft started that ball rolling with their Passwordless login option (https://blogs.windows.com/windowsexperience/2021/09/15/microsoft-announces-passwordless-future-available-across-microsoft-edge-and-microsoft-365-apps/)
But, I agree, it's really dumb.
I'm not a fan of SMS 2FA at all, but it at least requires you know secrets (my password) too rather than just needing to compromise one (central) component - it's hard not to view it as providers trying to outsource liability for compromise