Quote:
Originally Posted by Johnny199r
I just don't understand why there can't be an email verification option rather than SMS. I have a Mastercard and there's an email option.
|
The problem with email as a verification method is that it is the least secure.
Most secure is an authentication app
Next is SMS text message
.
.
.
.
Then several steps below you have email. Let me explain
Authentication app would require a bad guy having a live conversation with you.
SMS text- you could be a victim of SIM swapping, but not very likely. You could also be asked to relay the code to the 3rd party, but once again that would require you to actively participate.
With email, your emails could be getting forwarded without your knowledge. Especially if you use the same password for everything, once a bad guy has one password he has them all. So he watches your email to wait for emails from you bank, and then uses that to log into your banking. Then when it prompts for MFA, the bad guy just simply relays the code he just received.
The bad guy wouldn't even need to forward the emails if he knows your password; he could just keep checking your email.
Now you might say you use a bunch of different passwords or a password manager; however the issue is the people who are most likely to be a victim of fraud are also the ones who would need the most protection from email MFA options.