Comment by spacebanana7

Comment by spacebanana7 5 days ago

1 reply

View on Hacker News

Email OTP can be useful as a layer in risk based authentication.

If someone tries to log on to your site from a low reputation VPN, throwing an email OTP challenge can give some assurance it’s a genuine user logging in. Rather than a spammer or something like that.

Freebytes 4 days ago

Yes, it makes sense if the environment has changed, the device has changed, or if the person is logging in from a higher threat source such as a VPN IP address. However, if nothing changed, it is a waste of time in many cases.

Reply View 0 replies