Originally Posted by
TheDudeAbides
Mark me in the camp that thinks this is unnecessary. Brokerage accounts, yes. Bank accounts, yes. HIPAA-protected data, yes. Frequent flyer accounts, really?
I think it is necessary, but only for "risky" operations. Normal login should not require MFA. I agree that would be ridiculous. But such things as redeeming miles for somebody else, changing password or email, etc, these should require MFA confirmation.