Is It a Recommended/Best Practice to Use Email as a Component in Two Factor Authentication?

Problem scenario
You want to implement a secure protocol for authentication. You want there to be a password and a second factor of authentication. Can an email (being in possession of an inbox) be a factor in MFA?


No, according to NIST:
But many companies do use email as a factor in multi-factor authentication.

Leave a comment

Your email address will not be published. Required fields are marked *