this post was submitted on 04 Mar 2024
66 points (91.2% liked)
Open Source
31250 readers
258 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hell no, having OTP in the browser kinda defeats all 2FA and makes it 1FA again.
If the thread model involve physical device access, then yes. However, consider that the attacker might not have access to the device with this 2FA.
It's enough if they have access to the browser.
You're gonna need to access the device for that
It's probably sufficient to be able to take over the browser remotely.
Can you elaborate on that? Any source?
RCE CVEs are a thing.
You don't know what you're talking about, do you?