Hello all,
I guess there is some information I'm missing. I don't understand what all the fuss is about.
Here's what I'm doing to make 2FA work for me:
User logs in
I send an SMS with a 6-digit code.
In the enterprise it's established that the users will have to apply a change to the code before entering it in a textbox.
So for example if the code I send is "348825" user knows that the changes necessary are "++--45"
+ means user will have to add 1 to the digit
- means user will have to subtract 1 from the digit
If there is a digit it means that the digit will have to be replaced
So instead of typing "348825" the user will have to type
3 + 1 = 4
4 + 1 = 5
8 - 1 = 7
8 - 1 = 7
2 replaced by 4
5 replaced by 5
So the user must enter the code "457745"
Hacking impossible with that. Unless there's something I'm missing.
*******************************************************
Save a tree, eat a beaver.
Denis Chassé
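
The transformation described in the post, written out as a server-side check. This is an added example, not part of the original post or the poster's code; the function names are hypothetical, and the wrap-around for 9 + 1 and 0 - 1 is an assumption, since the post does not say what happens there. `response_space` counts how many distinct responses the server could ever expect for a given mask.

```python
import hmac

DIGITS = "0123456789"


def apply_mask(code: str, mask: str) -> str:
    """Apply the per-position rule from the post to the SMS code."""
    if len(code) != len(mask) or any(c not in DIGITS for c in code):
        raise ValueError("code must be ASCII digits and match the mask length")
    out = []
    for digit, rule in zip(code, mask):
        if rule == "+":
            # Assumption: 9 + 1 wraps to 0 (not specified in the post).
            out.append(str((int(digit) + 1) % 10))
        elif rule == "-":
            # Assumption: 0 - 1 wraps to 9 (not specified in the post).
            out.append(str((int(digit) - 1) % 10))
        elif rule in DIGITS:
            # Replacement rule: the output digit ignores the SMS digit.
            out.append(rule)
        else:
            raise ValueError(f"unknown rule {rule!r}")
    return "".join(out)


def verify_response(sent_code: str, mask: str, typed: str) -> bool:
    """Compare what the user typed with the expected transformed code."""
    expected = apply_mask(sent_code, mask)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), typed.encode())


def variable_positions(mask: str) -> int:
    """Positions whose output still depends on the per-login SMS code."""
    return sum(1 for rule in mask if rule in "+-")


def response_space(mask: str) -> int:
    """Number of distinct responses possible for this mask."""
    return 10 ** variable_positions(mask)


if __name__ == "__main__":
    mask = "++--45"  # the mask used in the post
    print(apply_mask("348825", mask))   # the post's worked example
    print(variable_positions(mask), response_space(mask))
```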