this post was submitted on 04 Jul 2023
12 points (100.0% liked)

Just got a 2FA prompt on my phone, asking me to select one of three numbers to log in.

Seeing how every other 2FA thing like this doesn't send those prompts unless you have entered the correct password, I got quite concerned.

However, it seems that is the first thing you get after correctly entering your email address. I tried on a separate computer that I have never used my email on, with a VPN to another country, and I instantly got the 2FA prompt without entering my password.

Imo it's a very shit way to do it. I can see some pensioner or similar accidentally just clicking a number and then it's 1 in 3 they get in (assuming they have 2FA to begin with, but still).

Anyway, figured I'd post it just in case someone else got spooked the same way. I'd also like to know if someone thinks it is a good idea having it work this way and why?
