Would love for you to describe exactly how it’s more complicated.

YOU JUST DID, below

From my perspective

neat.

I click a single button

… on your device tethered to a single app by a single vendor and their closed data store

and it’s set up.

… and tethered to prevent you from churning.

To log in I

… wait online to …

get a notification on my device,

… or send it again. Or again. Try again. Maybe mail it?

I click a button and I’m logged in.

Yeah. Just click (tap) a button (enter a code).

Using a big-brand MFA setup at one job that requires ‘one button’ and ‘get a notification’ and ‘click a button’, I know you’re glossing over the network issues HEAV-I-LY.

Now do it in airplane mode. Do it when the token organization is offline. Do it when there’s no power because the hurricane hit and there’s no cell, no data, no phones, and your DC is on its last hour of battery and you have to log in because the failover didn’t run.

Do it when your phone fell on its face in the rain into a puddle and it’s not nokia.

Do it when you either have cell service and 5% battery, or 100% battery from inside the DC and no cell service.

Do it when you’re tired, hungry, drunk, lost your glasses in the car accident.

The D in DR means DISASTER. Consider it.

they must have meant technically complicated, which is also meaningful in consumer technology.
like if it’s true that it requires an internet connection, that’s quite bad, partly because of yet another avenue for possible tracking, and what if the service you want to access is not on the internet, but the passkey doesn’t work without it still