
> Yes, less secure because availability is part of security.

This is too often forgotten. Availability is a fundamental part of security and must be part of every threat model.

And your threat model needs to be matched with what is being protected. One size does not fit all.

For example, to log in to my brokerage account, I may be ok with a solution where I might lock myself out and have to go to a physical branch to restore access. Because while that would be a pain, it's better than having my life savings stolen.

But to log in to, say, Facebook? Availability and convenience is #1 above all, it's just cat videos and other extremely low value stuff so it's not worth any inconvenience.


