This Week I Learned: Mutual Human Authentication [2022–03–18]
It’s an idea for multi-factor authentication: send someone a link to the text (or whatever) you’re sending them, and when they click it you get a notification asking for your approval. Only if you approve do they get the info.
That’s an interesting take on the problem. If you get a request that is in some way unexpected then you can just say no or ignore it. To let out the secret, the request has to seem legit to another human. I assume that they send supporting info such as who is logged in and requesting access, when they requested and roughly where they appear to be.
One effect is that sending out a link to secret info can be done in a much more cavalier fashion since you yourself have to take a second action later before it is actually released.
