joshuaaa :verified: on Nostr: I just got a legitimate email from MyGov that my account had been locked due to too ...
I just got a legitimate email from MyGov that my account had been locked due to too many incorrect login attempts. Fair enough. I go to the MyGov site and unlock my account using 2FA and then they are making me change my password??? So an attacker could theoretically force a user to change their password any time they want by just putting in the incorrect password a few times? That seems very stupid. 🤦
Published at
2024-09-25 23:24:30Event JSON
{
"id": "67d5c456605f21a91024f417e313c9853e287a69aa451d08afd41da162a62533",
"pubkey": "0b9900bd9ce855d7baf6bcb38b8a0c3e27e2030dd3c51e9b7b857582225ddcec",
"created_at": 1727306670,
"kind": 1,
"tags": [
[
"proxy",
"https://bne.social/users/phocks/statuses/113200769937404047",
"activitypub"
]
],
"content": "I just got a legitimate email from MyGov that my account had been locked due to too many incorrect login attempts. Fair enough. I go to the MyGov site and unlock my account using 2FA and then they are making me change my password??? So an attacker could theoretically force a user to change their password any time they want by just putting in the incorrect password a few times? That seems very stupid. 🤦",
"sig": "86da9497b02ee6cdbcae2a3e2fbf55f5185dd84cb7a64cfabff2240569b6ce86b35eb426a734503ae6fff78bed8276a66342b30a84278adf3e0ce28b42e85e05"
}
