|
|
|
|
|
|
by haarolean
273 days ago
|
|
|
>A warning to auth engineers: if an account is using a Gmail address, then auth codes from Google Authenticator should not be considered a second factor. Incredible take. I don't know what's worse here — suggesting gmail address = google authenticator, thinking you can know the source of "auth codes", or the fact this is coming from an auth engineer. I'm switching to handwritten HMACs on paper napkins today. |
|
|