MFA - Why do we match numbers to approve MFA sign-in?

This post is mainly for users who use MFA authenticator apps on their smartphones. Earlier, the process was to click either “Yes (Approve)” or “No (Deny)”, and that would allow you to log in. Why is one more step now required, to enter a value shown on the login page? Background: We have been using passwords for years to secure our digital accounts. Since people need passwords for several different services and it becomes tough to remember them all, they started to either (a) reuse the same password, (b) use an easy password, or (c) write down the different passwords. ...

2023-Jul-23 · 3 min

Login Bypass Vulnerability on a famous Indian Restaurant chain

TLDR: While ordering dinner for myself, I came across a bug where I could log in to anybody’s account and view their details (like name, email address, home address, order details). This issue was fixed on the same day it was reported to the concerned technical team. Let’s name the company FoodieExpress, which serves fast food in its restaurants, allows take-away of food and does home delivery of food (when ordered over a call, the mobile app or the website). ...

2018-Aug-30 · 3 min