Chrome repeatedly prompts to save MFA validation codes as if they are passwords
I use the Chrome browser which autofills my non-trivial password when I login. Workiva then emails me a 6-digit code that I have to enter within 10 minutes to complete the Multi-Factor Authentication.
Every single time I enter an MFA code, the Chrome browser offers to save that 6-digit code as my new password. At some point, I'm afraid I will click yes by accident and lose my real password.
The MFA code is not a password. It is a one-time token that expires immediately after use. It can't be re-used. Thus, it can be treated as a plaintext field, rather than as a secure "password" in the HTML form. That way, Chrome would not assume it was a password, and it would not offer to overwrite my real password every time I login.
-
Thanks for sharing this, Glenn Parker I will create a ticket for you to see if this can be looked into. Have a great day!
0请先登录再写评论。
评论
1 条评论