|
|
|
|
|
|
by implying
1734 days ago
|
|
|
I agree. Isn't a VPN a usecase where you'd like to authenticate yourself as little as possible? For comparison, mullvad accounts have no separate identification and authentication. Each account is a 16 digit number, and knowledge of that number allows you to administer the entire account. Usernames and passwords don't exist |
|
|
Yeah this was a huge learning curve for me. When you use a Mullvad OpenVPN config file, the username is your account number, and the password is the account number too.
All a bad actor has to do is enumerate account numbers programmatically and they could potentially own hundreds of accounts, although generating those would be difficult and a lot of it relies on chance.