21 Matching Annotations
  1. May 2023
    1. “Multi-factor authentication needs multi-factor enrollment,” noted Taku. It shouldn’t have been possible to enroll just using a stolen password. He listed numerous possibilities, among them credentials handed out in person, a one-time password, or a PIN sent to the employee’s registered email or mobile.
  2. Apr 2023
    1. Whereas U2F only supports multi-factor mode, having been designed to strengthen existing username/password-based login flows, FIDO2 adds support for single-factor mode.
  3. Mar 2023
    1. If you can unlink your address from a locked out account and then link it to a new account and add new 2FA factors to new account, and basically set it up again to be a replacement nearly identical to the original... how is that any different / more secure than just using a "reset account" feature that resets the original account (removes 2FA)?

      We're still back to the recurring original problem with account security where the security of your account comes down to the security of your linked e-mail account.

    1. Most platforms that require OTP verification for ensuring security are targeted at the mobile phone only. But some payment gaterways send OTP to email address also simultaneously to doubly ensure that you get the OTP and that you have requested the OTP. There could be some delay in SMS or email reaching you. Many OTPs are time restricted - you have to use them quickly.
  4. Jan 2023
  5. Aug 2022
    1. We want to use the Doorkeeper gem to implement an OAuth provider in our app. However, we use 2 factor auth in the login process, so we need a way to modify the password grant to accept email, password and a 2fa token (and respond with an appropriate error if the 2fa token is required and missing).
  6. Apr 2022
  7. Apr 2020
    1. Although it can be inconvenient, the two-factor authentication is the easiest and best way to keep your accounts from getting hacked. Whenever you log into an account from a new device, it will send an email or a text with a code that you input with your password.