How can we help?

Support Home Single Sign On Why isn’t email recommended for resetting my password, unlocking my account, or Multifactor Authentication?

Why isn’t email recommended for resetting my password, unlocking my account, or Multifactor Authentication?

Our Information Security team recommends you use SMS or Authenticator apps instead of email when possible to add an extra layer of complexity to your account security.

For example, if you use SMS or an Authenticator app for Multifactor Authentication (MFA) and your email is compromised, your account won’t be accessible to the perpetrator because they would also require access to your phone to login.

However, if you use email for MFA in this example your account is at risk of being hijacked since the MFA code will go to the same email that has been compromised. You would have no way of knowing that your account has been compromised since notifications that a password has been reset, MFA has been changed, or a login has been detected from a new device all go to that same email address.

Was this article helpful?

Related Questions:

Can’t find the answers you’re looking for?

Our customer care team is here for you.

Contact Support