Hacker News
by dmichulke 3070 days ago
1. As secret, use encrypted(some internal device id, pregenerated-key)

2. Generate pregenerated-key upon first login (maybe based on email or tel no?). Just like, e.g., Signal does it

3. On your servers, check if pregenerated-key and/or email is used more than once at the same time, if so invalidate it and direct user to 2.

1 comment

We already do number 3 :)

We monitor for the same login being used twice at the same time and disconnect both and delete the account.
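The server-side check from step 3 and the reply above, as an added example that is not code from either poster: it flags a pregenerated key seen on two live sessions at once, invalidates it, and sends later use back to step 2. The `KeyRegistry` class, the `SESSION_TTL` window, the `"ok"`/`"reenroll"` results and the idea that the server can recover a key id and device id from each request are all assumptions.

```python
import time
from dataclasses import dataclass, field

SESSION_TTL = 60  # assumed: seconds a heartbeat keeps a session counted as live


@dataclass
class KeyRegistry:
    """Tracks which devices are currently presenting each pregenerated key."""
    live: dict = field(default_factory=dict)    # key_id -> {device_id: last_seen}
    revoked: set = field(default_factory=set)   # keys that must be regenerated

    def heartbeat(self, key_id, device_id, now=None):
        """Record one authenticated request; return 'ok' or 'reenroll'."""
        now = time.time() if now is None else now
        if key_id in self.revoked:
            return "reenroll"                   # key already invalidated
        devices = self.live.setdefault(key_id, {})
        # Forget sessions that stopped sending heartbeats, so a user who
        # moves to a new device later is not treated as concurrent use.
        for stale in [d for d, seen in devices.items() if now - seen > SESSION_TTL]:
            del devices[stale]
        devices[device_id] = now
        if len(devices) > 1:
            # Same key live on two devices at the same time: invalidate it
            # and direct every holder back to key generation (step 2).
            self.revoked.add(key_id)
            del self.live[key_id]
            return "reenroll"
        return "ok"


def replay(events):
    """Feed (timestamp, key_id, device_id) tuples through a fresh registry."""
    reg = KeyRegistry()
    return [reg.heartbeat(k, d, now=t) for t, k, d in events]


# Constructed sample traffic: key k1 is copied to a second device while the
# first is still active; key k2 moves between devices after the first idles out.
SAMPLE_EVENTS = [
    (0, "k1", "devA"), (30, "k1", "devA"), (40, "k1", "devB"), (50, "k1", "devA"),
    (0, "k2", "devA"), (100, "k2", "devB"),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```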