Replies

There is a reason your bank (and most others) wont email you your password after you lose it. It’s not secure. That’s why most lost password protocols send you a link to reset it or a PIN or code, both of which only verify that you are the owner (or at least someone with access too) your email account. Sending a reset code or link to your email is NOT ironclad secure method, but it mostly absolves the bank of their liability, because it’s a reasonable legal assumption that the owner of the email address assigned to their authentication system is the one receiving the email messages. But the point is, they wont just email you your password, because it’s not a reasonable assumption that it will be safe either in transit or in storage.

Although there are still some second rate websites that will email passwords, but I guess that’s just a long-winded example demonstrating how it is assumed that email communication is not safe for private data.

Two factor authentication will actually use a second method to verify your identity, like texting a separate PIN.

Having strong passwords and two factor authentication is rather tiresome for the average Joe, but sadly it is necessary. Big brother isn’t the biggest threat to most people, although it might be for “crypto users” I suppose.