When we log in with 2-factor authentication every time we must get the authentication code. Maybe it is an idea to ask ones a month and not everytime we login.
Solved
App and 2-factor authentication
- Apprentice
- 8 replies
Best answer by Anne Buit
Hi Ronald,
The 2-factor authentication is intended to only allow access when you know something (password) and you have something (e-mail account, phone, totp device).
When you allow leniency when it comes to ‘having something’ for a month, you also allow the attacker who knows your password access for a month. After submitting a correct 2FA authentication after the month has passed, you'd grant the attacker access for another month as well.
This topic has been closed for comments
+5Hi Ronald,
The 2-factor authentication is intended to only allow access when you know something (password) and you have something (e-mail account, phone, totp device).
When you allow leniency when it comes to ‘having something’ for a month, you also allow the attacker who knows your password access for a month. After submitting a correct 2FA authentication after the month has passed, you'd grant the attacker access for another month as well.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.