Why Nostr? What is Njump?
2024-03-21 17:05:04

Royce Williams on Nostr: When on desktop, Google prompts you to re-verify MFA for escalated privs. It prompts ...

When on desktop, Google prompts you to re-verify MFA for escalated privs. It prompts for your passkey/security key, and also sends a prompt to your phone.

But the phone prompt apparently has no way to "get the word" that the prompt was answered on the desktop. So the stale prompt just sits there indefinitely, with only "no this isn't me" or "yes this is me" as the options.

I say "stale" because you can pick your phone an hour later and that prompt is still there, full screen - so you can't be sure when it arrived, and there's no indicator of what service is prompting you, geo location or ISP of the prompt, etc. (so it's unwise to his "yes this is me"). But you also don't want to hit "no this isn't me", in case it was your legit login from an hour ago.

#mfa
Author Public Key
npub1l4uw5jf7geh9gq658wjsga0g4nrez4l28w45yw6n77q238yjgglqykte68