Why Nostr? What is Njump?
2024-04-10 10:31:51
in reply to

Bernard Sheppard on Nostr: Yeah, OFA was half in jest - but you don't even need to know the account number or ...

Yeah, OFA was half in jest - but you don't even need to know the account number or username: if you have a list of emails and phone numbers, and get control of one of those email accounts, and you were a bad actor, you would be crazy not to at least attempt to log in: you need no other factor. You don't need the thing you know (the password) and the thing you have (the phone) for the 2FA. The email as a factor is sort of there, but only just.

The assumption is that every customer controls their accounts at all times.
Author Public Key
npub1x8x83f5fk7ft9hypmyy62edtpkasd0mkf38wwn5e0yegrkh7aqvsds57yr