Nov. 17, 2023, 6:31 p.m. | /u/daneyuleb


Company I work for has a two-step verification for the public logins. After putting in user name/password, you're prompted to have the two-step verification emailed, with an obfuscated email shown on screen.

Clicking View Source, though, reveals the un-obfuscated email in the clear, giving potential phishers who've acquired user names and passwords a 3rd piece of info, usable for all kinds of social engineering or email account hacking.

This IS unnecessary and against MFA best practices.... right? Or …
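The situation described in the post, as an added example that is not part of the original post or the company's code: a verification page that ships the full address and masks it only for display, next to one that masks on the server, plus a check that a response body does not contain the address. All function names, the `data-email` attribute and the sample user are assumptions made up for illustration.

```javascript
// Constructed sample user; not taken from the post.
const sampleUser = { email: 'jane.doe@example.com' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// Mask on the server with a fixed-width mask, so the page source carries
// neither the address nor its length.
function maskEmail(email) {
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) throw new Error('not an email address');
  const local = email.slice(0, at);
  const domain = email.slice(at + 1);
  const dot = domain.lastIndexOf('.');
  const tld = dot >= 0 ? domain.slice(dot) : '';
  return `${local[0]}*****@${domain[0]}*****${tld}`;
}

// Weak pattern (assumed markup): the full address is in the page and a
// script masks it for display only, so View Source shows it in the clear.
function renderChallengeVulnerable(user) {
  return `<p id="hint" data-email="${escapeHtml(user.email)}"></p>` +
         '<script>/* masks data-email in the browser */</script>';
}

// Hardened pattern: only the masked form ever leaves the server.
function renderChallengeHardened(user) {
  return `<p id="hint">Code sent to ${escapeHtml(maskEmail(user.email))}</p>`;
}

// Regression check for a response body: flags the address in plain,
// URL-encoded or base64 form (case-insensitive for the first two).
function leaksAddress(body, email) {
  const lower = body.toLowerCase();
  const e = email.toLowerCase();
  return lower.includes(e) ||
         lower.includes(encodeURIComponent(e).toLowerCase()) ||
         body.includes(Buffer.from(email).toString('base64'));
}

console.log('vulnerable leaks:', leaksAddress(renderChallengeVulnerable(sampleUser), sampleUser.email));
console.log('hardened leaks:  ', leaksAddress(renderChallengeHardened(sampleUser), sampleUser.email));
```

The same `leaksAddress` check can be run against any other response returned before the second factor is completed, such as JSON from an API call.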
