Either make me create a password and then let me into my account or let me use my phone number/email to verify. It’s becoming too much to get into everyday stuff. If I have biometrics on, there is zero reason for anything else.

Basically the current security system is overdoing it. I suggest getting rid of passwords altogether OR only requiring one or the other. Like if I forget my password or I forget my phone I can use the other, but JFC it’s a hassle.

  • partial_accumen@lemmy.world
    26 days ago

    Bad idea.

    Let’s say you get your way and you have a username or phone number that identifies you and only your phone client that authenticates you. If I can get your username/phone number, I can try to log into your account from my device. I can either just spam you incessantly until you accidentally authorize my device, or I can be very stealthy and when you are logging in from your device, I’ll immediately send a request of my own. You will authorize my device thinking it’s the one you’re logging into.
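
An added example, not part of the thread: a toy push-approval server showing the two usual defenses against the problems described in the comment above, number matching (an approval only counts for the login screen whose code the user typed) and prompt throttling. The class, function names, limits and the account "alice" are assumptions made for illustration, not any vendor's API.

```python
import secrets

MAX_PROMPTS = 3       # assumed cap on prompts per account per window
WINDOW = 300          # assumed window, in seconds

class PushAuth:
    """Toy push-approval server; hypothetical, not any vendor's API."""

    def __init__(self, pick=secrets.randbelow):
        self.pick = pick          # injectable so tests are deterministic
        self.requests = {}        # request id -> {"account", "code", "approved"}
        self.sent = {}            # account -> timestamps of recent prompts

    def start_login(self, account, now):
        """A device asks to log in. Returns (request_id, code shown on THAT device)."""
        recent = [t for t in self.sent.get(account, []) if now - t < WINDOW]
        self.sent[account] = recent
        if len(recent) >= MAX_PROMPTS:
            return None, None     # throttled: no prompt reaches the phone
        recent.append(now)
        rid = secrets.token_hex(8)
        code = f"{self.pick(100):02d}"
        self.requests[rid] = {"account": account, "code": code, "approved": False}
        return rid, code

    def approve(self, rid, typed_code):
        """The phone approves a prompt only if the user types the code
        displayed on the login screen that created this request."""
        req = self.requests.get(rid)
        if req is None or not secrets.compare_digest(req["code"], typed_code):
            return False
        req["approved"] = True
        return True

    def logged_in(self, rid):
        return rid is not None and self.requests[rid]["approved"]

def race_scenario(pick=secrets.randbelow):
    """The user and a second device request login at almost the same moment."""
    srv = PushAuth(pick)
    mine, my_code = srv.start_login("alice", now=0)   # user's own device
    other, _ = srv.start_login("alice", now=1)        # second device (constructed)
    # The user answers prompts by typing the code shown on their own screen.
    wrong_prompt = srv.approve(other, my_code)
    right_prompt = srv.approve(mine, my_code)
    return wrong_prompt, right_prompt, srv.logged_in(other), srv.logged_in(mine)

def spam_scenario(n=10):
    """Count how many of n rapid login requests actually produce a prompt."""
    srv = PushAuth()
    return sum(srv.start_login("alice", now=i)[0] is not None for i in range(n))
```

With a two-digit code, a prompt for the wrong request is still accepted one time in a hundred when the codes happen to collide, and a per-account throttle can also delay the legitimate user while it is tripped.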