undefined | Better HN

0 pointschimeracoder12y ago0 comments

> Send it to the email account that will be protected by two-factor authentication using the key, and it won't really matter.

Unless, of course, the email is intercepted in transit.

If your email is being sent in the clear, it doesn't matter whether or not you use SSL and/or two-factor authentication to connect to your server - the email has been compromised long before.

0 comments

thirsteh12y ago

>> Send it to the email account that will be protected by two-factor authentication using the key, and it won't really matter.

> Unless, of course, the email is intercepted in transit.

> If your email is being sent in the clear, it doesn't matter whether or not you use SSL and/or two-factor authentication to connect to your server - the email has been compromised long before.

This isn't really as big of an issue as people make it out to be. TLS is fairly prevalent for MTAs.

Anyway, I assumed this was describing a scenario where a sysadmin/IT guy sends a QR code to another employee, in which case it is all internal.

j / k navigate · click thread line to collapse