In the modern age of mass credential stuffing attacks exploiting password reuse, MFA is one of the most effective tools for reducing unauthorized logins. Companies that don't adopt it are risking unacceptably high levels of credit card chargebacks.
I wish the standard were for companies to check new passwords against leaked password lists, e.g. what https://haveibeenpwned.com uses.
I use a similar workflow and have found that websites that allow passkey-based login can avoid the friction of waiting for TOTP codes or magic links.
I wish the standard were for companies to check new passwords against leaked password lists, e.g. what https://haveibeenpwned.com uses.
I use a similar workflow and have found that websites that allow passkey-based login can avoid the friction of waiting for TOTP codes or magic links.