Quote:
Originally Posted by cabmando
You gonna get into 2 factor authentication for voting? I'm all for it! Before fully logged in you have to enter not only your unique identifier but a code that is sent by email or text that is only good for 10 minutes.
|
Good basic idea, useless implementation. Neither email nor SMS is secure. And it's quite terrifying the # of people - including banks - that think they are...
For MFA, use OATH or FIDO - if you don't want a hardware dongle, some password managers store the hash encrypted and generate the token themselves.