by davis_m 4534 days ago
In this model, all you have to do is time the authorization request appropriately. If an attacker can time their authorization at the same time that the user is logging in, a large number of users are simply going to authorize both requests thinking that it is some sort of glitch.

With the standard OTP model, a user physically cannot enter their code for another user.

1 comment

Unfortunately, there are several cases where users have entered an OTP code for another user. The recent high-profile case was with World of Warcraft's OTP.