TM's MFA is not secure
By sending a code to the same email address used to log into TM, with the option of opening the email account, makes the process insecure and TM complicit in fraud. The code should be sent as a mobile text, using the same email is enabling theft and corruption.
-
Callum Community SuperuserI disagree. Someone would need both access to your Trade Me account with it's password, and your email with it's (hopefully different) password.
Sure, if they have your device with both of those logged in then it would be possible to gain access. However if they have your phone they can read your text, without even needing a password / pincode / face ID / fingerprint or anything to see that if you have texts set to come up directly on your screen. So email is actually more secure than MFA using a mobile text message. Surely.
0
1 comment
Date
Votes