Hacker News
by yafujifide 310 days ago
There is a way to fix this. Don't just require a 6-digit code. Require a 6-digit code and a long random string (an expiring token), which is only present on the page the user visited, or in the email they were sent.
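One way to implement the check described in the comment above, as an added example that is not part of the original comment: the server accepts the 6-digit code only together with the long random token it was issued with. The function names, the in-memory store, the 10-minute lifetime and the attempt cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 600   # assumed challenge lifetime
MAX_ATTEMPTS = 5    # assumed cap on wrong codes per token
_challenges = {}    # sha256(token) -> record; stands in for a server-side store


def _token_key(token):
    # Store only a hash of the token, so a leaked store does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def _code_mac(token, code):
    # Bind the short code to the token; without the token the MAC cannot be brute-forced.
    return hmac.new(token.encode(), code.encode(), hashlib.sha256).hexdigest()


def issue_challenge(user_id, now=None):
    """Return (token, code). The token goes only into the page or the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)          # 256 random bits
    code = f"{secrets.randbelow(10**6):06d}"   # the 6-digit code
    _challenges[_token_key(token)] = {
        "user": user_id,
        "mac": _code_mac(token, code),
        "expires": now + TTL_SECONDS,
        "attempts": 0,
    }
    return token, code


def verify(token, code, now=None):
    """Return the user id only if token AND code match an unexpired challenge."""
    now = time.time() if now is None else now
    key = _token_key(token)
    rec = _challenges.get(key)
    if rec is None:
        return None                 # unknown token: the code is never evaluated
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        del _challenges[key]        # expired or locked out: discard the challenge
        return None
    if not hmac.compare_digest(rec["mac"], _code_mac(token, code)):
        rec["attempts"] += 1
        return None
    del _challenges[key]            # single use
    return rec["user"]
```

Guessing the code alone gets nowhere, because every guess must also carry a token the requester could only have obtained from the page or the email.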