by triceratops 24 days ago
Big oof.

A master password shipped in client-side JS.

A fake OTP authentication process - "the server sends the OTP back...and the [client code] compares what you typed against that value locally before letting you through"

And it gets worse after that.

1 comments

These are features in our land of the brave.
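
For contrast with the OTP flow quoted in the first comment, here is a sketch of a server-side check in which the code never reaches the browser. It is an added example, not code from the thread or from the application being discussed. The function names, the in-memory store, the 5-minute lifetime and the 5-attempt limit are all assumptions.

```javascript
const crypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000; // assumed policy: code valid for 5 minutes
const MAX_ATTEMPTS = 5;           // assumed policy: guesses allowed per code

// In-memory stand-in for a server-side store, keyed by user id (assumption).
const pending = new Map();

const digest = (code) => crypto.createHash('sha256').update(code).digest();

// Issue a code. The return value goes to the out-of-band channel (SMS, e-mail),
// never into the HTTP response that the browser can read.
function issueOtp(userId, now = Date.now()) {
  const code = crypto.randomInt(0, 1_000_000).toString().padStart(6, '0');
  pending.set(userId, { hash: digest(code), expires: now + OTP_TTL_MS, attempts: 0 });
  return code;
}

// What the HTTP handler may send to the client after issuing: no code, no hash.
function issueResponseBody() {
  return { status: 'otp_sent' };
}

// The comparison happens here, on the server. The client only learns true/false.
function verifyOtp(userId, submitted, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry) return false;
  if (now > entry.expires || entry.attempts >= MAX_ATTEMPTS) {
    pending.delete(userId); // expired or guessed too often: a new code is needed
    return false;
  }
  entry.attempts += 1;
  // Hashing both sides gives equal-length buffers for the constant-time compare.
  const ok = crypto.timingSafeEqual(entry.hash, digest(String(submitted)));
  if (ok) pending.delete(userId); // single use
  return ok;
}
```
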