Suggestion: Please make 2FA backup code able to be changed

Jhereg (Elite; joined Dec 13, 2005; posts: 2,668; society: Rangers; avatar name: Feng Huan SecretAznMan Zho)
Currently, there is a 2FA backup code that is only five letters long that can remove your 2FA.

I believe it is only 5 letters long. And it can't be changed, as far as I know (each time I use it, the code is not refreshed). This means that once the code has been compromised, the current system, as far as I know, has no backup plan that allows you to get a new backup code, which means your 2FA continues to be compromised.

Please correct me if I am wrong.

There should be a system in place like what Google does, where you can generate single-use backup codes that can be regenerated, which invalidates the previous codes.

Just my 2 cents.
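A minimal sketch of the scheme the post asks for, added here as an illustration and not part of the original post, the game's system, or Google's implementation: single-use backup codes stored only as hashes, where regenerating a batch invalidates every earlier code. The class name, code length, batch size and in-memory storage are all assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, lookalikes 0/O/1/I left out
CODE_LEN = 10    # assumed length: 10 symbols * 5 bits = 50 bits per code
BATCH_SIZE = 10  # assumed number of codes issued per batch


def _digest(salt: bytes, code: str) -> bytes:
    # Codes are high-entropy random strings, so a salted SHA-256 is used in this sketch.
    return hashlib.sha256(salt + code.encode()).digest()


class BackupCodes:
    """Hypothetical per-account store of single-use 2FA backup codes."""

    def __init__(self) -> None:
        self._salt = b""
        self._hashes: set[bytes] = set()

    def regenerate(self) -> list[str]:
        """Issue a fresh batch; the old salt and hashes are replaced,
        so every previously issued code stops working."""
        self._salt = secrets.token_bytes(16)
        codes: set[str] = set()
        while len(codes) < BATCH_SIZE:
            codes.add("".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN)))
        self._hashes = {_digest(self._salt, c) for c in codes}
        return sorted(codes)  # shown to the user once; only hashes are kept

    def redeem(self, submitted: str) -> bool:
        """Accept a code at most once: a matching hash is deleted on use."""
        candidate = _digest(self._salt, submitted.strip().upper())
        match = next(
            (h for h in self._hashes if hmac.compare_digest(h, candidate)), None
        )
        if match is None:
            return False
        self._hashes.discard(match)
        return True

    def remaining(self) -> int:
        return len(self._hashes)
```

A real deployment would also rate-limit failed `redeem` attempts and persist the salt and hashes alongside the account record.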
 