Ques/Help Two-factor auth and logout behavior

Rodolfo

Guest
I've noticed that the two-factor implementation doesn't log out.

I believe that this could be considered a security flaw in the implementation, as after logging out the browser is still validated. If I had to log in on someone else's computer, logging out won't remove the two-factor access and it will log in right away without asking for the OTP.

When you enter a valid two-factor code, the browser stays validated for an entire month and it requires you to stop trusting the device. I believe that there should be...
