by kerkeslager 812 days ago
> I have found that once you enter your phone, it is more trusted than your password (meaning it alone can reset your password).

Sure, but my answer to that is simply: don't trust users' SMS more than their password. You should require two factors of authentication to change the settings on any authentication factor (i.e., SMS and email to change the password, password and email to change the SMS number).

Notably, email is arguably less secure than SMS.
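The rule the comment proposes, written out as a policy check, as an added example that is not part of the original post. It contrasts the weak policy being complained about (any one verified factor, SMS included, can reset another) with the two-factor rule (changing a factor requires two other verified factors). The factor names and the `Session` shape are assumptions for illustration, not anything the comment specifies.

```python
"""Factor-change policy, added as an example; not code from the original post.
Factor names, the Session shape and the enrolment set are assumptions."""

from dataclasses import dataclass, field

# Hypothetical names for the three factors discussed in the comment.
PASSWORD = "password"
EMAIL = "email"
SMS = "sms"
ALL_FACTORS = frozenset({PASSWORD, EMAIL, SMS})


@dataclass
class Session:
    """Factors the user has proven control of in the current session."""
    verified: set = field(default_factory=set)

    def prove(self, factor: str) -> None:
        """Record that the user completed a challenge for `factor`."""
        if factor not in ALL_FACTORS:
            raise ValueError(f"unknown factor {factor!r}")
        self.verified.add(factor)


def weak_policy_allows(session: Session, target: str) -> bool:
    """The policy the quoted comment objects to: any single verified factor
    other than the target (so SMS alone) is enough to change the target."""
    if target not in ALL_FACTORS:
        raise ValueError(f"unknown factor {target!r}")
    return any(f != target for f in session.verified)


def strong_policy_allows(session: Session, target: str, required: int = 2) -> bool:
    """The two-factor rule from the comment: changing `target` requires
    `required` distinct verified factors, none of which is the factor being
    changed. With the three factors above this is exactly 'SMS and email to
    change password, password and email to change SMS'."""
    if target not in ALL_FACTORS:
        raise ValueError(f"unknown factor {target!r}")
    others = session.verified - {target}
    return len(others) >= required


def change_factor(session: Session, target: str, new_value: str, store: dict) -> bool:
    """Apply the strong policy before mutating the stored factor.
    Returns True if the change was applied, False if it was refused."""
    if not strong_policy_allows(session, target):
        return False
    store[target] = new_value
    return True


if __name__ == "__main__":
    # Constructed walkthrough: an attacker who only controls the phone number.
    account = {PASSWORD: "hash-of-old-password", EMAIL: "user@example.test", SMS: "+15550100"}
    s = Session()
    s.prove(SMS)
    print("weak policy, SMS only -> reset password:", weak_policy_allows(s, PASSWORD))
    print("strong policy, SMS only -> reset password:", change_factor(s, PASSWORD, "new", account))
    s.prove(EMAIL)
    print("strong policy, SMS+email -> reset password:", change_factor(s, PASSWORD, "new", account))
```

Note that the factor being changed never counts toward its own change, which matches the comment's phrasing and also means that a stolen phone plus the ability to receive the reset SMS gets an attacker nothing under the strong rule until they also control the email account.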