Quote:
Originally Posted by PON
A time delay before SMS kicks in as a fallback authentication approach seems to me a potential double-edged sword when you need access to mail NOW and don't have a Yubikey -- your keys are missing or whatever.
|
I can well believe some would prefer the slight security risk of an account hack over the possibility of being locked out for a limited period. That is why I suggest the time delay should be a user controllable option. Personally, I feel more concerned at the (admittedly slight) risk of my account being hacked, the password changed, and losing control permanently than the inconvenience of temporary unavailability of the account if I fail to plan ahead.