Félix
I open the website. My phone autofills my username. My phone autofills my password.
The website asks for a OTP code. My phone autofills the OTP code.
The website asks to send me a text message. My phone receives the text message and autofills the code.
Jun 6 at 1:06pmWeb
Show threadFélixJun 6
There’s somebody out there who thinks this is 3-factor auth btw
Show threadMatt MassicotteJun 6
@fay59 something I know, something I have, and something I do not understand
Show threadFélixJun 6

@mattiem something I know, something I have, and something not of this world…something that the mortal mind was never meant to comprehend. something so old that it existed before existence. something that would shatter man’s psyche if the veil was lifted

anyway that’s the only way I can describe that log in flow

Show threadNetzblockiererJun 6

@fay59 JFC, already any OTP code is bad, unless it has a "legitimate reason", like PCI-DSS & PSD2 - compliance…

  • But beyond that? Nope!

#OTP #SMS #2FA #3FA #4FA #PCIDSS #PSD2 #Enshittification