
GitHub has a similar problem, where the GitHub mobile app can’t be disabled as a 2FA factor. They implemented an option to make other factors the “default” without the ability to completely disable mobile, and then falsely closed the discussion [1].

If such an insecure factor can’t be disabled, what’s the point in setting up TOTP and/or hardware keys?

[1]: https://github.com/orgs/community/discussions/10861




The point is to offload security faults onto the customers so tickets can be ignored.



