Because once the keys are generated and stored on the user side, and likelihood of their compromising is much higher than the one-time code generated repeatedly by a certain algorithm.
I think that for secure all means are good, and service need provide users ability to use all of them, for example, in realization one project we using digital pin+ master password, two-factor authentication and multisig, and it really safe
You are viewing a single comment's thread from:
Not only me raised the issue, it is therefore relevant
https://steemit.com/steemit/@blakemiles84/steemit-needs-two-factor-authentication
https://steemit.com/proposals/@thebatchman/supposedly-hacked-accounts-on-steemit-time-for-a-new-proposal#@mixa/re-thebatchman-supposedly-hacked-accounts-on-steemit-time-for-a-new-proposal-20160714t160009976z