https://en.wikipedia.org/wiki/RSA_SecurID
A one time, time based hash as 2FA. Despite using this 2FA, the bad code completely circumvents it.