Can a 2-Digit MFA Code Really Be More Secure Than 6?
I had an interesting chat with a co-worker a couple of weeks ago about Microsoft’s move to use a 2-digit MFA prompt instead of the traditional 6-digit time-based code. At first glance, that sounds like a downgrade; fewer digits must mean weaker security, right? But the truth is, the mechanism behind it is very different.
Email codes and “magic links”
Many applications send a one-time code or magic link to your email. While convenient, this is only as secure as your email account. If an attacker already has access to your inbox, they can trivially intercept those links and reset your password.