re: #213 TedStriker
That’s why I always generate random passwords (usually much longer than the actual password for the account) for the answers to security questions, like for my BofA account, and store the questions and generated “answers” in my LastPass vault.
That’s the recommended approach, but it’s still yet another password, not true two-factor auth. The factors of authentication are:
1) Something you know,
2) Something you have,
3) Something you are.
Biometrics wind up actually falling in the category of 2) above, since most accessible biometrics are also things that can be taken from you (by force, if necessary). Nevertheless, wish-it-were-two-factor authentication obviously fails the above test, essentially providing multiple forms of factor 1.