Is there a way to not do email verification but still use 2FA? That way, even if a user’s account is somehow phished/compromised, it won’t compromise their other accounts.
I just successfully set up 2FA for an account on another instance that doesn’t have a verified email without any issues, so there’s no need to have done email verification to use 2FA.
Absolutely, you can do no phone/email and MFA. It’s a TOTP thing like Google or Microsoft Authenticator. The service doing the authentication has no idea how it’s done on the other side; it just makes sure the codes match.
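What the last reply describes, a server that only checks that the codes match, shown as an added example (not code from this thread or from any instance's software): RFC 6238 TOTP enrollment and verification with no email address or phone number involved. The function names, the one-step clock-drift window and the replay check are choices made for this sketch.

```python
import base64, hashlib, hmac, secrets, struct, time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length most authenticator apps expect

def new_secret() -> str:
    """Enrollment: a random 160-bit secret, Base32-encoded for the app/QR code."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def totp(secret_b32: str, at: float, digits: int = DIGITS) -> str:
    """Code for the time step containing Unix time `at` (HMAC-SHA1 variant)."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, submitted: str, at: float,
           last_used_step: int = -1, window: int = 1):
    """Return the matched time step, or None if the code is rejected.

    The server holds only the shared secret and a clock. Steps at or before
    `last_used_step` are refused so a captured code cannot be replayed.
    """
    now_step = int(at) // STEP
    for step in range(now_step - window, now_step + window + 1):
        if step <= last_used_step:
            continue
        expected = totp(secret_b32, step * STEP).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    secret = new_secret()                  # stored server-side, shown once to the user
    code = totp(secret, time.time())       # what the authenticator app would display
    step = verify(secret, code, time.time())
    print("accepted at step", step)
    print("replay:", verify(secret, code, time.time(), last_used_step=step))
```

The caller stores the returned step as `last_used_step` for the account after each successful login.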