Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Premature confirmation of successful sign in with 2FA
When signing in with two-factor authentication enabled, a code is requested on the next page after entering email and password:
However, before the code is entered, a green banner at the top of the page already says "Signed in successfully".
This is not a security problem, as the user is not really signed in, and any attempt to navigate without entering the code confirms this.
It is confusing to the user though, and may make a user wonder whether two-factor authentication is working correctly. Could this message be removed from this page, and only displayed after sign in is completed?
0 comment threads