Y
Hacker News
new
|
ask
|
show
|
jobs
by
toasterlovin
2889 days ago
But don't many sites require a second authentication to modify access to the account (change password, add collaborator, etc)? In that case, an attacker would need a second one-time code.
1 comments
joshuamorton
2889 days ago
Normally I believe they just require the password. The threat model there is someone leaving their account logged in.
link
toasterlovin
2889 days ago
> Normally I believe they just require the password.
Shoot, you're right. Not sure what I was thinking. My bad.
link