Wednesday, December 16, 2020

Malthe Borch: Mitigating 2FA abuse by bad actors

A friend of mine was recently scammed into handing over a six-digit verification code to her WhatsApp account.

She lost access to her account within seconds, but what's more, there was no easy way to recover it even though she could still receive SMS messages on the registered number, which the 2FA flow requires: the scammers had effectively locked her out through efficient use of the "too many attempts" abuse control.

The account would be locked for a period of 7 hours after which the same thing would repeat, seemingly to no end.

You tried to verifying your phone number too many times. Contact support for assistance.

Now, six digits is not a whole lot in the face of brute force. But instead of locking the account, why not simply offer to send a 2FA verification code with additional digits to provide the necessary security? This seems like an easy fix, and a missed opportunity to ensure the swift recovery of the account.
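A sketch of the escalation the post proposes, added here as an example and not code from the post or from WhatsApp: each verification code is single-use, and after a run of failed attempts the next code simply gets longer rather than the number being locked for hours. The class, the thresholds `BASE_DIGITS`, `MAX_DIGITS` and `ATTEMPTS_PER_STEP`, and the phone-number keys are all assumptions for illustration.

```python
import hmac
import secrets

BASE_DIGITS = 6        # assumed starting length, as in the post
MAX_DIGITS = 10        # assumed cap on code length
ATTEMPTS_PER_STEP = 5  # assumed: failures before the code grows by one digit


def brute_force_success(digits: int, attempts: int) -> float:
    """Chance of guessing a uniformly random `digits`-digit code in `attempts` tries."""
    space = 10 ** digits
    return min(attempts, space) / space


class EscalatingVerifier:
    """Verifies one-time codes; lengthens codes on repeated failure instead of locking."""

    def __init__(self) -> None:
        self.failures: dict[str, int] = {}  # phone -> consecutive failed attempts
        self.pending: dict[str, str] = {}   # phone -> currently valid single-use code

    def code_length(self, phone: str) -> int:
        extra = self.failures.get(phone, 0) // ATTEMPTS_PER_STEP
        return min(MAX_DIGITS, BASE_DIGITS + extra)

    def issue(self, phone: str) -> str:
        """Generate and store a fresh code; the caller delivers it over SMS."""
        n = self.code_length(phone)
        code = f"{secrets.randbelow(10 ** n):0{n}d}"  # CSPRNG, zero-padded to n digits
        self.pending[phone] = code
        return code

    def verify(self, phone: str, submitted: str) -> bool:
        """Check a submitted code. Every attempt consumes the pending code."""
        expected = self.pending.pop(phone, None)
        if expected is None:
            return False  # nothing outstanding for this number
        # Constant-time comparison; a length mismatch is simply a failure.
        if hmac.compare_digest(expected, submitted):
            self.failures.pop(phone, None)  # legitimate user: reset the counter
            return True
        # Wrong guess: count it so the next code issued is harder to guess.
        # A real deployment would also decay this counter over time and
        # rate-limit by source, but never deny the owner a way back in.
        self.failures[phone] = self.failures.get(phone, 0) + 1
        return False
```

With single-use codes an attacker gets exactly one guess per code, so even before escalation each attempt succeeds with probability 10^-6, and every five failures buy the owner another digit of margin while the number stays recoverable.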
