by gorniv
411 days ago
We actually use 6-digit one-time codes sent to email as a second login method. If we detect brute-force attempts, we switch to using a GUID-based fallback instead of short codes. So yeah, lesson learned — don’t outsource identity fully. We thought Apple Sign In would be convenient, but it backfired hard.
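One way the code-then-GUID fallback described in the comment above could look, as an added sketch that is not the commenter's code. The class name `EmailLoginChallenge`, the failure threshold and the lifetime are assumptions, since the comment gives no numbers.

```python
import hmac
import secrets
import time
import uuid

MAX_FAILURES = 5   # assumed threshold for "brute force detected"
CODE_TTL = 600     # assumed challenge lifetime in seconds


class EmailLoginChallenge:
    """Hypothetical per-account challenge: 6-digit code, GUID once guessing is seen."""

    def __init__(self):
        self.failures = {}  # account -> failed guesses since last success
        self.pending = {}   # account -> (secret, expires_at)

    def issue(self, account, now=None):
        now = time.time() if now is None else now
        if self.failures.get(account, 0) >= MAX_FAILURES:
            # Under attack: a random UUID (122 random bits) cannot be guessed online.
            kind, secret = "guid", str(uuid.uuid4())
        else:
            # Normal case: 6 digits from the CSPRNG, zero-padded.
            kind, secret = "code", f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = (secret, now + CODE_TTL)
        return kind, secret  # the caller emails this value to the account owner

    def verify(self, account, submitted, now=None):
        now = time.time() if now is None else now
        secret, expires_at = self.pending.get(account, ("", 0.0))
        ok = (bool(secret) and now < expires_at
              and hmac.compare_digest(secret.encode(), submitted.encode()))
        if ok:
            del self.pending[account]      # one-time use
            self.failures[account] = 0
            return True
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] == MAX_FAILURES:
            # Threshold crossed: kill the short code so further guesses cannot hit it.
            self.pending.pop(account, None)
        return False
```

The failure counter is keyed by account rather than by client address, so guesses spread across many source addresses still trip the fallback.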