undefined | Better HN

0 pointsnecovek5y ago0 comments

Other than requiring some form of government issued identification (including prior to the incident), or a well built reputation using GPG (but those are not going to be users you mention), how would achieve that today?

And as the GP says, what role would 2fa play in that scenario?

0 comments

londons_explore5y ago

2fa simply means the user has more ways to potentially identify themselves... That means as a service you should try harder to stop someone else getting in, but also try harder to maintain access for the real owner. The 2fa code should help you do that, because now there are more things that the real account owner can do to identify themselves that an attacker cannot.

necovekOP5y ago

The increased security from 2FA comes from using both factors to authenticate to a service.

If you are not using both, then it's a single factor authentication.

You still haven't answered the core question: how do you do what you propose (keep strong security and allow easier restoration of an account to the real owner) today?

j / k navigate · click thread line to collapse