|
|
|
|
|
|
by dalmo3
1368 days ago
|
|
|
How would you prevent someone from spamming a user just by knowing their username? Say, if the 2FA is done by SMS, or email. An attacker brute-forcing the password could flood the user with multiple messages. The usual response is doing a password reset, but that wouldn't work in your system. I wonder how systems that use magic links handle this. |
|
|
Wasn't something like this how Uber got hacked recently? Spamming the target until they clicked "yes" on the 2FA prompt?