Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

With an email link or a Yubikey it might, but with SMS or an Authenticator app it doesn't add any extra way for me to identify the site.


Email is not really a 2FA though if it can also be used to reset your password.


Interesting point. I hadn't thought about that. Helps that access to my email is 2FA, but it does make for a single point of failure.


That's true, I was talking about a Yubikey.


But the tweets this article was written in response to, weren't.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: