Hi, Would it be possible to enable two-step verification via email, in addition to the current options of authenticator app and SMS?
While I get that this would require an intruder to also need access to a person’s e-mail to be able to login, getting access to someone’s e-mail (especially if you know one of their passwords) is sadly way too easy these days.
Requiring something like an authenticator app or SMS (for which you need access to the phone of the user in general), makes it a lot harder for any potential intruders.
Besides, various password managers nowadays support 2FA, have a browser plugin and even have shared vaults, so you can kind of circumvent the annoyance of having to link the account to a single device if this is a problem.
So yeah, I reckon they left out e-mail as a 2FA option by design.
Regardless, options are always nice and it is better than not having any 2FA.