by sunu
2234 days ago

If anyone from Zerodha tech team is here, I wonder what's the reasoning behind Zerodha's weird 2FA setup? A static password + a static PIN is not really 2FA IMO. What's the problem with supporting standard hardware- or app-based 2FA that requires an OTP?

The static PIN is a legacy hole that has to be plugged. Coincidentally, we wrote to the regulator about this exact same matter recently. We'll hopefully see a regulatory announcement mandating "real" 2FA for everyone.