April 7, 2021

Passwordless vs 2FA: which authentication method is more secure?

Not so much to add to the thread title.

Passwordless authentication systems (take [Medium.com](https://Medium.com)’s: OTP “magic link” sent to the user’s email to log in; so I guess effectively email-based OTP) are more convenient to users compared to software-based 2FA:

* No need to set up the second factor in a software authenticator
* If all websites were protected with email OTP, users could simply ensure that their email login were secured with a second factor and all other login requests route here. Conversely, this would create a single point of failure in the system: if a hacker were to gain access to email, they could authenticate everywhere, because email OTP was protecting all other systems.

Those are my (unqualified) impressions anyway. But I’m seeing more and more websites using these email OTP / “magic” links. So I was wondering what you guys think of the various pros and cons vis-a-vis 2FA?



Two factors are inherently more secure than one.

All the OTP does is defer security to the security of your email.
