On 2024-08-26 22:26, Viktor Dukhovni via mailop wrote:
On Tue, Aug 27, 2024 at 06:18:01AM +0200, Bryan Holloway via mailop wrote:
The password is correct, but it insists on verification from this user's no
longer existing cellphone. Yet the back-up account exists. For some reason
gmail refuses to try and use it, which would solve the underlying problem
...
Welcome to two-factor denial of service. I try to resist signing up for
such baked-in disasters as much as I can, but the powers that be (hello
GitHub) have made it impossible in many cases.
It is a sad state of affairs that no opt-out is available for users who
manage strong per-site passwords, and prize long-term availability over
often dubious security advantages of said 2nd-factors.
If it's *our* password.
Why do *we* not get to determine the character length/combination?
If we're required to enter info sent to our phone/email to login.
Why do we have a password at all?
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
