Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://freeradical.zone/users/funnymonkey/statuses/113719342667632465">funnymonkey (funnymonkey@freeradical.zone)'s status on Friday, 27-Dec-2024 02:17:00 JST</a><a href="https://freeradical.zone/@funnymonkey" title="funnymonkey@freeradical.zone"><img src="https://gnusocial.jp/avatar/104660-48-20230305183041.webp" width="48" height="48" alt="funnymonkey" style="position: absolute; left: 0; top: 0;">funnymonkey</a></section><article><p>Why, oh why, do sites do this?</p><p>When we evaluate the customer facing security of sites, "features" like this need to be explicitly flagged as undermining basic security practice -- in this case, underminig 2FA.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4259453#notice-8324207">In conversation</a><time datetime="2024-12-27T02:17:00+09:00" title="Friday, 27-Dec-2024 02:17:00 JST">about 2 months ago</time> <span>from <span><a href="https://freeradical.zone/@funnymonkey/113719342667632465" rel="external" title="Sent from freeradical.zone via ActivityPub">freeradical.zone</a></span></span><a href="https://freeradical.zone/@funnymonkey/113719342667632465">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3780577">Screenshot of select option that sets a cookie in the browser that disables 2FA: "Don't require verification code again."</a></label><br><a href="https://nfts.freeradical.zone/media_attachments/files/113/719/338/005/243/044/original/006e33d533e7a0bf.png" rel="external">https://nfts.freeradical.zone/media_attachments/files/113/719/338/005/243/044/original/006e33d533e7a0bf.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
funnymonkey (funnymonkey@freeradical.zone)'s status on Friday, 27-Dec-2024 02:17:00 JST funnymonkey
Why, oh why, do sites do this?
When we evaluate the customer facing security of sites, "features" like this need to be explicitly flagged as undermining basic security practice -- in this case, underminig 2FA.
In conversationabout 2 months ago from freeradical.zonepermalink
Attachments
1. Screenshot of select option that sets a cookie in the browser that disables 2FA: "Don't require verification code again."
  https://nfts.freeradical.zone/media_attachments/files/113/719/338/005/243/044/original/006e33d533e7a0bf.png

Public

Embed Notice

HTML Code

Corresponding Notice