R
Rodolfo
Guest
I've noticed that the two-factor implementation doesn't logout.
I believe that this could be considered a security flaw in the implantation as after logout out the browser is still validated. If I had to login in someone's else computer, logout won't remove the two-factor access and it will login right away without asking the otp.
When you put a valid two factor code the browser keeps validated for an entire month and it requires to stop trusting the device, I believe that there should be...
Read more
Continue reading...
I believe that this could be considered a security flaw in the implantation as after logout out the browser is still validated. If I had to login in someone's else computer, logout won't remove the two-factor access and it will login right away without asking the otp.
When you put a valid two factor code the browser keeps validated for an entire month and it requires to stop trusting the device, I believe that there should be...
Read more
Continue reading...