Thanks for sharing, Mo! This classic MFA approach relies on passwords, which are indeed inherently bad and need to vanish asap tbh. OTP tokens are an improvement, but they are still phishable (can be used on a fraudulent website). The most up-to-date, phishing-proof and really convenient MFA standard is WebAuthn. Have you considered implementing that?
Thanks for sharing, Mo! This classic MFA approach relies on passwords, which are indeed inherently bad and need to vanish asap tbh. OTP tokens are an improvement, but they are still phishable (can be used on a fraudulent website). The most up-to-date, phishing-proof and really convenient MFA standard is WebAuthn. Have you considered implementing that?
I have read about them, but I haven't implemented it yet. Maybe this could be an interesting topic for a future video :)