jeffrey bley
So your conclusion is basically that MFA sucks and needs to be left in the last decade, but your solution is MFA, but just not all the time. I’m getting mixed messages. And the fact is that 99% of active hack attempts are going after passwords. That’s why MFA is important. It’s not unbeatable (nothing is) but it’s harder to beat because now the hacker has to physically steal your phone or jump through extra hurdles to get past it. And I don’t know who your MFA provider is but I get my push notifications in 3 to 5 seconds. I feel like this is adding confusion to security discussions and not adding a lot of value.