First of all, Fuck 2FA! 2FA = companies fishing for phone numbers to identify and track you.
This post is from 2014.
Meanwhile I suggested that an any login attempt you would receive an email, you don't have to know your password to the service.
Effectively Microsoft is the only company doing it like this. You don't need a password, every time you log in you can opt to have a login link sent to your email address instead of using a password.
That IMHO makes sense. And I'd go one step further.
Anytime anyone tries to use your service, don't ask a password, just ask for their email address.
The most detrimental or annoying part of a sign up process is picking a password and worse, some stupid services demand you repeat your email or password.
Let the user sign up effortlessly.
I won't even start about how awful captcha is.
If you use a JS form and means of sign up or login you don't need captcha.
This post is from 2014.
Meanwhile I suggested that an any login attempt you would receive an email, you don't have to know your password to the service.
Effectively Microsoft is the only company doing it like this. You don't need a password, every time you log in you can opt to have a login link sent to your email address instead of using a password.
That IMHO makes sense. And I'd go one step further. Anytime anyone tries to use your service, don't ask a password, just ask for their email address. The most detrimental or annoying part of a sign up process is picking a password and worse, some stupid services demand you repeat your email or password.
Let the user sign up effortlessly.
I won't even start about how awful captcha is. If you use a JS form and means of sign up or login you don't need captcha.