.@netflix - WTF, how do you allow a zero-confirmation email address change for an account?
But because of this design, an attacker can completely take over the account (log-in -> email change -> PW reset). This is terrible security design and needs to be fixed immediately.
This is exacerbated because I end up signing into my Netflix account on all manner of questionable devices (oh hotel smart TVs...). And the only login method is using my actual password rather than any of the many single-use login strategies that would also be *much* better UX.
1) Add confirmation when changing the ID of an account! (2 factor & other best practices too.) 2) Add a QR or one-time-code login flow so I don't enter my PW everywhere. I mean, I'd also like my account back. Airplane internet is good enough to tweet but not use your live chat.
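The fix the thread asks for in point 1, sketched as an added example (not Netflix's code, and not from the thread's author): an email change initiated from a logged-in session is only staged, a confirmation token goes to the current address, and password resets keep targeting the confirmed address until the owner of the old mailbox confirms. The `AccountService`, `Account` and `Outbox` names are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Account:
    email: str                              # confirmed login identity
    pending_email: Optional[str] = None     # staged, not yet effective
    pending_token: Optional[str] = None


class Outbox:
    """Constructed stand-in for mail delivery: records (to, subject, body)."""
    def __init__(self) -> None:
        self.sent: List[Tuple[str, str, str]] = []

    def send(self, to: str, subject: str, body: str) -> None:
        self.sent.append((to, subject, body))


class AccountService:
    def __init__(self, outbox: Outbox) -> None:
        self.outbox = outbox

    def request_email_change(self, acct: Account, new_email: str) -> None:
        """A session alone cannot swap the login identity. The change is
        staged and the confirmation goes to the CURRENT address, so whoever
        holds a stray session (hotel TV, shared device) cannot complete it."""
        acct.pending_email = new_email
        acct.pending_token = secrets.token_urlsafe(32)
        self.outbox.send(acct.email, "Confirm email change", acct.pending_token)

    def confirm_email_change(self, acct: Account, token: str) -> bool:
        """Only the holder of the old mailbox has the token; compare in
        constant time and clear the pending state on success."""
        if acct.pending_token is None or acct.pending_email is None:
            return False
        if not hmac.compare_digest(acct.pending_token, token):
            return False
        old_email, acct.email = acct.email, acct.pending_email
        acct.pending_email = acct.pending_token = None
        self.outbox.send(old_email, "Your login email was changed", acct.email)
        return True

    def password_reset_target(self, acct: Account) -> str:
        """Reset links go to the confirmed address, never to a pending one,
        which breaks the log-in -> email change -> PW reset chain."""
        return acct.email
```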
Chandler Carruth retweeted Chandler Carruth
Recovery process is *not good* folks: https://twitter.com/chandlerc1024/status/1213108431672037377 …
Chandler Carruth added,
https://twitter.com/chandlerc1024/status/1212874897757757450 …