yes, obviously, but that doesn't make forcing logins through emails any safer, that's my point. I don't want emails, I don't want texts, I use a password manager, just leave me the F alone and stop taking up all my time with this BS that doesn't make me safer!
I hope we're not talking past each other, because this exchange is why you do NOT let security people control UX for your product, because security is always trade offs. That said, if email password reset was already possible then eliminating passwords objectively removes an attack path—at a UX cost
I'm not in security, so I believe you. We're talking about different issues. I don't want emails, I don't want texts, I don't want it to take 5 minutes for me to log into every fing website all day, that's my point. My life is being taken over by this shit and I'm fed up!