Either make me create a password and then let me into my account or let me use my phone number/email to verify. It’s becoming too much to get into everyday stuff. If I have biometrics on, there is zero reason for anything else.
Basically the current security system is overdoing it. I suggest getting rid of passwords altogether OR only requiring one or the other. Like if I forget my password or I forget my phone I can use the other, but JFC it's a hassle.
Yes, but there are a lot of people arguing here about how bad passwords are because they get leaked and you need so many of them that it is a struggle for people to remember them. So, if passwords are so bad, why should they be maintained as a method of authentication?
They’re not really that bad, lots of people are just bad at using them. A lot of breaches happen because someone gets lazy and uses a default or something stupidly simple like what you’d use on your luggage.
Yeah, but people have several dozen accounts, passwords have to change on some of them, and it used to be very discouraged to write passwords down so people needed to remember them.
A system has been created where there are massive failures in its use because it was poorly implemented.
Then you need to know 2 different codes.
They would need to hack the server password database or your password app AND have physical access to your device.
It is the same concept as using biometric + TOTP or password.
Something you have, something you know, something you are: those are the 3 general “factors”