Given this problem…

Even with two factor authentication, you need a mechanism to reset if you forget your password and/or lose your second factor (whatever that is).

…the guys at CryptoPhoto came up with a neat idea: have another factor authenticate you in case you lose access to one of your first two. Kinda like 2.5FA. Their solution is based on pictures, but it could really be anything (that’s not based on the same technologies as the first two).  The idea is not new, after all the corporate world’s service desks have been resetting user credentials with a vouch key from a 3rd employee forever, but translating it into the internet world where there is no 3rd, trusted-by-both party is still required.

via Two-Step Verification Dances Around the Issue.

Comments are closed.