A recent blog post by OnDemand Managing Editor Mathew J. Schwartz raised a number of issues about the ongoing risks involved in using passwords for authentication. Following the post, comments came flooding in. Implementing multi-factor authentication at other points besides the initial login would add the necessary friction to prevent account takeover, but also preserve convenience and user experience. A second authentication when a change is made to an account password or e-mail account, preferably an out-of-band second factor like a phone confirmation, would.”]
Source: https://www.cuinfosecurity.com/blog-post-on-passwords-triggers-debate-a-7661