Hacker News new | past | comments | ask | show | jobs | submit login

Do you want to go through a two-factor challenge every time a single file is synchronised?



It's two-factor authentication not two-factor authorization.

I'd also think that authentication was (should be) a server-side thing: and that at that point you'd get some form of session/token/ticket.


It already is a server-side thing.

This post shows how to steal that session/token/ticket after the authentication step.

What are you proposing?


In that case this is no worse than stealing a cookie for a site which required 2FA, which presumably requires local access.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: