That should be the bare minimum for everyone, but it doesn’t protect anything if a password is compromised, especially something like email that can lead to getting other passwords.
I suppose in some cases, yea. I was thinking about authenticator apps as MFA and forgot about email. Ideally, all MFA would be through a separate authenticator. For stronger security, something like a ubikey or other hardware security device can be used.
I don’t even think I use websites that would use that. The only “app” like that is google using my phone for new logins. Every other 2fa uses my email. If it’s not a google service, I’d prefer not to have to use an app because I treat my whole phone as insecure.
I just use strong, unique passwords and be mindful when something is asking for my logins.
That should be the bare minimum for everyone, but it doesn’t protect anything if a password is compromised, especially something like email that can lead to getting other passwords.
If your email is compromised, isn’t 2FA also compromised?
I suppose in some cases, yea. I was thinking about authenticator apps as MFA and forgot about email. Ideally, all MFA would be through a separate authenticator. For stronger security, something like a ubikey or other hardware security device can be used.
I don’t even think I use websites that would use that. The only “app” like that is google using my phone for new logins. Every other 2fa uses my email. If it’s not a google service, I’d prefer not to have to use an app because I treat my whole phone as insecure.