• DacoTaco@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    I think you got it wrong what i meant (?)
    Imagine i register on a website with my username ( DacoTaco ) and email ( [email protected] ). When i want to reset my password and click the “forgot password” link, it would ask my username, not my email address (something i know) and send me an email ( to [email protected] ) without reporting what email it sent it too. That way it could be considered a separate identity factor i think (access to the mailbox, something you have ).
    Websites generally dont work this way, i know. But thats how id implement it :')

    • VeganCheesecake@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Thanks for clarifying. I was mostly trying to apply that scenario to a likely real world one, but there’s definitely cases in which it could be two factor.