XenForo
Administrative
- Thread starter
- Admin
- #1
If a TFA trusted device is compromised and the attacker has access to the password he can change (or completely disable) Two-step verification for the account.
To mitigate this, it would IMHO be useful to require the password and Two-step verification for the session before Two-step verification options can be changed.
ادامه مطلب...
To mitigate this, it would IMHO be useful to require the password and Two-step verification for the session before Two-step verification options can be changed.
ادامه مطلب...