Liste des Groupes | Revenir à cm android |
Chris <ithinkiam@gmail.com> wrote:
However, in this case it's by design not nefarious. The 'F' in. 2FA is
"factor" meaning that you need two different sources of truth. Your
password is one and a known device is the second. VOIP is neither
known nor a device so cannot be trusted as the endpoint could be
almost anything.
Yet 2FA codes are also sent by e-mail. Someone is on your phone using a
web browser, gets the login 2FA interruption, and the 2FA code gets sent
to e-mail which is accessed on the same phone. Yeah, that really
thwarted the 2FA-enabled login ... not! 2FA only makes sense when 2
*different* devices are used for login and to where the 2FA code is
sent.
Les messages affichés proviennent d'usenet.