by weaksauce 1372 days ago
> You should verify a user's second factor before password.

The cost of sending those 2FA texts is not zero, and also the idea of them is that they are ephemeral, so them being tied to the successful entering of username and password and limited in time is a feature... not a bug.

1 comments

Sure. But I’d argue that nobody should be using SMS 2FA. There are more secure, and cheaper, methods.