DEV Community

Discussion on: Deep Dive: Multi-Factor Authentication with .NET 5

Collapse
jgerle profile image
Jan Gerle • Edited

Thanks for sharing, Mo! This classic MFA approach relies on passwords, which are indeed inherently bad and need to vanish asap tbh. OTP tokens are an improvement, but they are still phishable (can be used on a fraudulent website). The most up-to-date, phishing-proof and really convenient MFA standard is WebAuthn. Have you considered implementing that?

Collapse
moe23 profile image
Mohamad Lawand Author

I have read about them, but I haven't implemented it yet. Maybe this could be an interesting topic for a future video :)