a month ago
I have multi factor authentication enabled on my Fido account but I am able to log in with just userid and password on my laptop. I am not asked for a one time passcode and my browser is always cleared of cookies after every session. I also tested signing out, clearing cookies, and logging in again.
Why isn't the one time passcode always required? It should always be for security purposes.
a month ago
Just to continue this thread, I was just on technical support call and they say that because the device was authenticated in the past, the MFA code doesn't have to be entered again.
This is poor security. An MFA code should be requested for every login regardless of the device used.
a month ago
Hey,
That's a very good question.
Thank you for bringing this to our attention, our customer's security of their account is very important to us. We'll be sure to forward this to the appropriate department for review.
Although the MFA doesn't get triggered at every login attempt, a manual login does get triggered at ever attempt.