|
|
|
|
|
|
by kibibyte
2076 days ago
|
|
|
On its own, there's nothing inherently wrong with it, aside from it being a very awkward user experience. But here's where it can go wrong, using ETrade as a specific example. ETrade appends the 2FA token to your password, but also enforces a password character limit. Yep, that means turning on 2FA reduces your password character limit. From what I hear, it has some surprising behavior if your password is already at the character limit and you turn on 2FA. (Aside: ETrade has some very sketchy security practices, like apparently letting you use the 2FA token on its own to reset your password (according to a coworker), but that's another discussion.) |
|
|