new | show | ask | jobs Github

max__dev 9 days ago

The article is not about MFA. It is about using email as a single factor.

▲

pandorobo 9 days ago | parent [-]

Thats simple a lie or you didn't read the article.

The very first bullet point states: Enter an email address or phone number

That insinuates email OR SMS.

It doesn't just mention email only.

▲

max__dev 9 days ago | parent | next [-]

The following is copied from wikipedia.

The authentication factors of a multi-factor authentication scheme may include: 1. Something the user has: Any physical object in the possession of the user, such as a security token (USB stick), a bank card, a key, a phone that can be reached at a certain number, etc. 2. Something the user knows: Certain knowledge only known to the user, such as a password, PIN, PUK, etc. 3. Something the user is: Some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.

Email and phone are both in category one, comprising only one unique factor.

▲

sophiebits 9 days ago | parent | prev | next [-]

Half factor authentication, then, since either one will work.

▲

anonymars 9 days ago | parent | prev | next [-]

What is the minimum number of things you need access to in order to log in?

If you have access to the phone, you can log in. OR if you have access to the email account, you can log in.

You don't need to know the user's password, you only need access to one of these inboxes and nothing else. One-factor authentication, but worse, because there are multiple attack surfaces.

▲

stavros 9 days ago | parent | prev [-]

It's still a single factor.

	▲	ulysss 9 days ago \| parent [-]
		Agree with you