I know one mail provider [danwin1210] where 2FA is hidden under an encrypted GPG key message to access account settings. It interested me and I would like to know what opinion it would be for you, would GPG as 2FA suit for securing way more other accounts?
This would put the ability to use 2FA, even by tech-illiterate members of the community, under the assumption they can use PGP technology. Most of the people that use any account will not know how to use PGP. Also, this would open us up to PGP key compromise by a fake login page or browser-in-browser attacks. I would rather lose access to one account than every account connected to that PGP key. Let alone, my numerous other protected files, which use that key.
3 Likes