An unfortunate fact is that many companies don't support anything other than sending a token via email, SMS, or sometimes a voice call. I've seen several large banks, insurers, etc. who do this. It's maddening when you sign up for access to something and are restricted to these options.
On Mon, Apr 19, 2021 at 11:49 AM William Herrin <b...@herrin.us> wrote: > On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka <mark@tinka.africa> wrote: > > It's all about convenience, and how much they can get > > done without speaking to human. > > Hi Mark, > > Convenience is the most important factor in any security scheme. The > user nearly always has a choice, even if the choice is as > rough-grained as "switch to a different company." If your process is > too onerous (the user's notion of onerous) then it simply won't be > used. An effective security scheme is the strongest which can be built > within that boundary. > > > If a key fob can be sent to them - preferably for free - that would help. > > Hint: carrying around a separate hardware fob for each important > Internet-based service is a non-starter. Users might do it for their > one or two most important services but yours isn't one of them. > > Regards, > Bill Herrin > > -- > William Herrin > b...@herrin.us > https://bill.herrin.us/ >
