If you think about it the last option is a way to use login via 2fa

But you only need one factor, access to your inbox?

@neidu2@feddit.nl
link
fedilink
39
edit-2
8M

So it’s more like SSO authentication

SSO without 2FA

Unless your email has 2fa?

DacoTaco
link
fedilink
48M

Depends, some ask for the email used for the registration, the others ask for a username. Incase of the username, its a 2fa! Something you know ( username ) and something you have ( access to the registered email’s inbox )!

… Its still a shit security design. Better to have username, pass and a security key hehe

Hmh, I guess, though I feel this is a bit more complicated. What if you can look up the username in the registration mail sent to the inbox? Or it’s a site that uses email addresses as usernames? Is it knowing if said knowledge is inferrable from the thing you have?

DacoTaco
link
fedilink
18M

I think you got it wrong what i meant (?)
Imagine i register on a website with my username ( DacoTaco ) and email ( someEmail@domain.com ). When i want to reset my password and click the “forgot password” link, it would ask my username, not my email address (something i know) and send me an email ( to someEmail@domain.com ) without reporting what email it sent it too. That way it could be considered a separate identity factor i think (access to the mailbox, something you have ).
Websites generally dont work this way, i know. But thats how id implement it :')

Thanks for clarifying. I was mostly trying to apply that scenario to a likely real world one, but there’s definitely cases in which it could be two factor.

Shit, are we getting to that point where all non-password logins are “2fa” like how all denial of services are “DDoS”

@Redacted@lemmy.world
link
fedilink
English
828M

Nah it’s just SFA with extra steps.

Magic link login with extra steps

This is more correct

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 141 users / day
  • 300 users / week
  • 692 users / month
  • 2.83K users / 6 months
  • 1 subscriber
  • 1.56K Posts
  • 34.7K Comments
  • Modlog