You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am not sure if I could explain my point correctly.
Example.
some-app.io ask for blink email address, user enters, app calls /auth/email/code
user receives email with otp, enters code to some-app.io, which calls /auth/email/login
some-app.io has access to all token authenticated API endpoints of user
a way to limit this, is to present a custom image, consistent login after login, after the user have added his email, but before he has added his code.
so that if the user is not able to see this image, he would not something might be off, and would not put the code received by email or phone
The text was updated successfully, but these errors were encountered:
Email would have to contain the same image for verification. Most users, me included, would not remember what picture wallet showed them months ago. Could the wallet just invite user by their username "Welcome back usernamne" - since attacker wouldnt know their username?
a way to limit this, is to present a custom image, consistent login after login, after the user have added his email, but before he has added his code.
so that if the user is not able to see this image, he would not something might be off, and would not put the code received by email or phone
The text was updated successfully, but these errors were encountered: