This is what #BlueSky considers a perfectly acceptable implementation of a... - Bluesky and AT protocol

dusnm, 15 days ago

This is what #BlueSky considers a perfectly acceptable implementation of a two-factor authentication system.

Just send an email with the 2FA code. This is insanely irresponsible and I'm sure they know it.

Since most people unfortunately reuse passwords, any sane person must reasonably assume the email is likely to be compromised as well...

I have no clue why they don't use #TOTP. Unless the attacker has access to the device with the shared secret, it's borderline impossible to defeat.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ symfonystation

Image

Image alternative text

mackuba, 14 days ago

@dusnm This is a temporary solution they've implemented very recently as a "quick fix" because some accounts really needed it, and a proper implementation was still a bit away. They're working on a more complete authentication system with OAuth and proper 2FA, which should be available maybe in a couple of months.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

dusnm, 14 days ago

@mackuba TOTP can be considered a "quick fix" as it's trivial to implement.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment