the code was part of the
… part of the Subject header in the encrypted body of the message, you mean? What a nothing-burger.
spudwart@spudwart.com 10 months ago
Was surprised at first, then I went to go log in to change my password.
And then it said I was emailed a 2FA code… the code was part of the email header.
Now I’m completely unsurprised this happened.
corsicanguppy@lemmy.ca 10 months ago
jarfil@lemmy.world 10 months ago
encrypted body of the message
Encrypted what? LinkedIn lets you add a key/cert to send you encrypted emails?
kungen@feddit.nu 10 months ago
I’m not sure what you’re implying here regarding headers? Email is insecure regardless; even when using SMTP with TLS, it’s not like the headers are exposed whereas the body would be encrypted or something.
spudwart@spudwart.com 10 months ago
kungen@feddit.nu 10 months ago
Is there a single large company that even sends PGP email?
Sure, IF 1. you already have the user’s password, and 2. a new code wouldn’t be required/the previous code invalidated when initiating a new login session?
Like, I’m not saying that 2FA codes via email is secure, but you’re implying that they are making a security hole via this - which I don’t see.
phoenixz@lemmy.ca 10 months ago
Pgp, the greatest program never used by anyone
locuester@lemmy.zip 10 months ago
Yeah not following the logic. 2FA via email is insecure. Doesn’t matter where in the email. That person is confused about something.