all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Two-step verification question - this seems wrong

Add to bookmarks
Nov. 17, 2023, 6:31 p.m. | /u/daneyuleb

cybersecurity www.reddit.com

Company I work for has a two step verification for the public logins. After putting in user name/password, you're prompted to have the two-step verification to emailed with an obfuscated email shown on screen.

Clicking View Source, though, reveals the Un-obfuscated email in the clear. Giving potential phishers who've acquired user names and passwords a 3rd piece of info, useable for all kinds of social engineering or email account hacking.

This IS unnecessary and against MFA best practices.... right? Or …

clear clicking cybersecurity email logins name names obfuscated password public question screen two-step verification verification work wrong

Visit resource

More from www.reddit.com / cybersecurity

Terrible interview process 5 hours ago | www.reddit.com
architect cutting cybersecurity endpoint +13
Is the CIA Triad created equal in practice? 9 hours ago | www.reddit.com
aspect availability cia confidentiality +10
How do you address your EDR platform when you aren’t receiving many true positives? 9 hours ago | www.reddit.com
address alerts behavior cybersecurity +8
What are some popular news or security content creators you guys follow to keep up … 9 hours ago | www.reddit.com
articles content creators creators cybersecurity +5
Looking for con suggestions that are mostly for skilled people not for vendors/management 11 hours ago | www.reddit.com
con corporate cybersecurity doing +7
How to effectively track security exceptions in mid-sized startup? 12 hours ago | www.reddit.com
aws basic cybersecurity database +19
Latrodectus Malware Analysis Part 2 feat Hashdb and IDA Scripting 15 hours ago | www.reddit.com
analysis cybersecurity ida latrodectus +3
Nasty bug with very simple exploit hits PHP just in time for the weekend 18 hours ago | www.reddit.com
bug cybersecurity exploit php +2
Encryption At Rest: Whose Threat Model Is It Anyway? 18 hours ago | www.reddit.com
cybersecurity encryption rest threat +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com