Hacker Times
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
stingraycharles
on June 11, 2019
|
parent
|
context
|
favorite
| on:
Support for U2F security keys
Which in itself is a problem: it means the MFA device is not required, if only they have access to my email + phone.
burntsushi
on June 11, 2019
|
next
[–]
Sure, I know. Just pointing out that, at least for AWS, you do not need recovery codes or a second device for MFA. For me personally, phone+email is good enough for my threat model.
mschout
on June 12, 2019
|
prev
[–]
Yes, AWS MFA is very poorly implemented.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
