So I created an account on allrecipes.com, since I often get recipes there. Created the account with my email, then had to do the “go to email, get code, back to website, paste code”. Pretty standard stuff. But instead of then wanting me to create a unique password, I was just logged in. I looked around the usual places for a “set my password” option, but none found. So I logged out, then logged in again; no password prompt. Instead, it sent a code to my email, and I could either click the link in the email (which opens a new tab with me logged in) or c/p the 5-digit code (they call it a “button”).
Seems to me this method is a valid way to replace passwords. As long as I can get the code by email or SMS or whatever I prefer, is there any need for a password? We trust the “send me a code” as secure enough for 2FA, so why not use it for login? One contra: does this not put us back to 1FA? I don’t think so, since there are 2 factors: something you have (phone or email) and something you know. But…???


