Reply to post: 2FA? 2 sweet FA!

2FA? We've heard of it: White hats weirded out by lack of account security in enterprise

Multivac

2FA? 2 sweet FA!

My company rolled out 2FA, now when you log in it sends a text message with a code you have to enter.

But it sends you the message to the mobile phone you're using to login.

The very same mobile that has your password cached on it.

And the very same phone that if you hold it up to the light you can see the the X or Z shape that people use to unlock their phones.

So 2FA is actually less secure than simply disabling password caching, you get the phone, you get the access.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon