TFA: Backup codes seem to be a security risk

  • Thread starter Thread starter Kirby
  • Start date Start date

Kirby

Guest
Member
When activating any two step authentication method, XenForo also generates a list of backups codes.

Those backup codes are stored as plaintext in the database and shown to the user when accessing account/two-step/backup/manage.

Storing those codes as plaintext in the database seems a security issue to me; if an attacker gets access to those codes, he can use them to log into accounts effectively bypassing stronger options (like TOTP) set up on accounts.

Therefore, backup...

Read more
TFA: Backup codes seem to be a security risk

free plugins
minecraft paid for free
mcmarket
mc-market
free minecraft paid plugins
free minecraft plugins
spigotmc
SpigotMC
aac free
ewg free
Minecraft Premium Plugins
ewg free download
litebans free
epicworldgenerator free
free schematics
leaked schematics minecraft
schematics
schematics leaked
schematics free
minecraft schematics free
paid minecraft schematics free
paid minecraft schematics for free
free cracked plugins
free cracked minecraft plugins
plugins
featherboard download
featherboard plugin download
antiaura download
xenforo leaked
xenforo for free
xenforo addons
 
You must log in or register to reply here.
Top