Either by sending a code to SMS or Email, you are able to sign into your account without ever needing to or being able to add a password. Why has this become a thing recently?
Either by sending a code to SMS or Email, you are able to sign into your account without ever needing to or being able to add a password. Why has this become a thing recently?
They’re offloading authentication to your email provider. It’s basically quick and cheap oauth. I think it’s because they’re trying to avoid being a vector for a data breach.
The irony being that putting all of a user’s eggs in one basket makes things far riskier for the user, and not less.
Smearing authentication credential data out across the entire Internet makes a sloppy user safer because the inevitable breeches that come with being sloppy are contained, but it increases the demands on a safe user while also increasing their attack surface. Though such a user does typically have a single point of failure in the form of their own sloppy password management.