...trimmed...
Two-factor authentication is when you need to confirm your login with an
SMS message or one-time pad or other second way of authenticating that
you are who you claim to be. 2FA is popular because users choose weak
passwords and share them between services. If users generate a unique
strong random password for every service, little is gained with 2FA, and
2FA is then just a massive pain in the arse. But user behaviour is
unreliable.
In the last couple years many corporate and not-for-profit organizations have implemented
2-factor authentication internally. Even in the physical office many transactions require 2FA interaction.
Where I am now that is also the case, and 2FA is configured to prompt with a choice between receiving
the 2nd factor by SMS text message, voice call, or email. They're using Pulse 2FA. So your provider
can do that too if they want to. But the whole point of 2FA is that there shall be a second response
from a previously known location for you: phone number, email address, etc.
That's the value added in exchange for Ash's "massive pain in the arse". Just making the 1st factor be
a loong password is not equivalent to 2FA in any way. Machine reaching back to you is the difference.
.......
Kind regards,
--
Ash Joubert <ash@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand