Yeah not following the logic. 2FA via email is insecure. Doesn’t matter where in the email. That person is confused about something.
well with PGP, the header is unencrypted
Is there a single large company that even sends PGP email?
logging into example.com with the user’s email and that 2fa code is going to be a breeze
Sure, IF 1. you already have the user’s password, and 2. a new code wouldn’t be required/the previous code invalidated when initiating a new login session?
Like, I’m not saying that 2FA codes via email is secure, but you’re implying that they are making a security hole via this - which I don’t see.
locuester@lemmy.zip 1 year ago
phoenixz@lemmy.ca 1 year ago
Pgp, the greatest program never used by anyone
brothershamus@kbin.social 1 year ago
I used it. For about 10 minutes. Then I read the help files. Then I searched. Then I used it some more. Then I uninstalled it.
jarfil@lemmy.world 1 year ago
Unless you followed by installing gpg… then you failed. There are tons of uses for it, not necessarily encrypting emails (or more precisely, it kind of sucks at encrypting emails).