On 2014-12-03 06:55, Edward Ned Harvey (lopser) wrote:
In the present, every 2-Factor authentication system I've ever seen, including Google, Microsoft, and every bank and credit card that I use... You enter username & password, and then if it's wrong it says "bad username or password," but if you got it right, it says "We have sent you a validation link." Which once again, stupidly validates the correct combination of username & password to a user who is not yet fully authenticated.
The only two-factor system I have encountered that doesn't do this is a VDI setup at my work with Windows terminal servers and Symantec VIP. The username/password and VIP prompts are separate, but both are required before an indication of success or failure and the failure notice does not state which has failed.
Danielle -- [email protected] http://danielle-white.info/ _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
