MFA Post 7: Other Contact Mechanisms (Email, Phone,...)
In addition to sending codes via SMS some service providers may send codes via other contact mechanisms, such as email, phone, or various chat applications. These mechanisms are very similar to SMS: they are mechanisms to deliver a code to a user. Usually the code is 6 digits. The security of these mechanisms varies and depends on a large variety of factors that are largely outside the scope of the mechanism itself. Email, and some of these other ones, are very often used as a possession proof for password reset as well. The assumption is that if you have access to the email account you must be the customer who registered an account with that email address. However, this creates a security dependency. The security of the account you are resetting the password for depends completely on the security of the email account. Sadly, most people do not protect their email account to the extent that would be prudent if you are going to make the security of your retirement account de...