• JackbyDev
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 months ago

    Blearily you unlock it, glance at a prompt, and then approve a login and fall back asleep.

    The idea that people would approve that is wild to me.

    • Godnroc@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Mate, I’ve had users who were sharing an account that only some of them had MFA prompts for. They didn’t bother checking who had initiated the prompt, they just approved it because it was easier. And that was while they were fully awake and thinking…

      • JackbyDev
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        What’s funny to me is that doing this while you know your target is asleep probably has a higher success rate just because they’re more likely to press the wrong thing just because their eyes are groggy. I can read my phone without my glasses but when I wake up in the night that’s not the case right away.