On a similar note, kindly consider implementing fingerprint login on the web as 2FA, same as in the mobile app. It is much more popular now than when we last discussed it. GitHub, Amazon, Google and Microsoft are all using it.
Hardly any users set up their accounts like this. Most users would have the same email linked to bank accounts and trading accounts, and would have the same email account on their phone as well.
Further, the TOTP can't be a part of the reset flow, since the key needs to change as part of the reset flow. If the TOTP doesn't change as part of the reset flow, then in situations where the user has lost access to the TOTP, his account can't be secured by just resetting the password, as it's a knowledge factor which the user can again lose. The reset flow adopted by us is in line with international security standards.
But I do get your point; we will explore what better can be done here.
Thanks for this. I will discuss this with the team. We have several measures in the pipeline, including allowing hardware tokens as the second factor. We will also explore whether fingerprint login can be provided.
Yes, please add YubiKey support as a second factor. And maybe allow having multiple second factors, like in Gmail.