← Graph

Why MFA via email and not authenticator app or SMS?

question 2 connections

Audience asks why MFA via a second device or an authenticator app was considered unsuitable, and what made email MFA the right fit. Andrei explains the goal was minimum user distraction: the team did not collect phone numbers (ruling out SMS), and requiring users to install a separate authenticator app is extra friction that risks losing them. Email was the simplest option with the least impact on user experience.

answer_summary
Minimize user friction to avoid churn: no phone numbers on file (no SMS), authenticator apps add an install step, email is the lowest-friction option.
question Why MFA via email and not authenticator app or SMS?
about
devise-two-factor tool
About why the email factor was chosen over TOTP/SMS.
question Why MFA via email and not authenticator app or SMS?
asked_at
Prevent account sharing talk
Q&A question at the talk.

Provenance

Created in
wroclove.rb 2024 — Prevent Account Sharing (Andrei Kaleshka) 2026-04-17 23:20
Read by
1 extraction