SMS 2FA messages really ought to specify the domain they're supposed to be entered on in the message...
-
-
Replying to @tehjh
I swear I’ve seen someone (Apple rings a bell for some reason) discuss supporting this exact thing.
1 reply 0 retweets 0 likes -
Replying to @patricktoomey @tehjh
Oh..no...it was google
-https://github.com/sso-google/sms-otp-retrieval/blob/master/README.md …1 reply 0 retweets 1 like -
Replying to @patricktoomey
I don't mean that I want it for fancy integration for automatic access to 2FA flows - there are services I use where the login flow texts you a 2FA code with (almost) no indication of which company/website/whatever that code is associated with
2 replies 0 retweets 1 like -
Replying to @tehjh @patricktoomey
let alone a domain name the user can check against
1 reply 0 retweets 1 like -
Replying to @tehjh @patricktoomey
and "feed this code to whoever asks for one" doesn't seem great
1 reply 0 retweets 2 likes -
Replying to @tehjh
I didn’t look over the idea much...but I thought the idea was to not fill the code to “whoever”...I assumed it was attempting some domain association between sender and filler.
1 reply 0 retweets 0 likes
(I was still ranting about the manual SMS 2FA process, not any of the automation stuff. sorry if that was unclear.)
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.