Right now, according to this article I spotted, if you enter an incorrect password, the system indicates that there’s an issue with 2FA. Should that be a good thing? Experts indicate that telling the user what’s wrong even if an incorrect password is entered could give the attacker a leg up.
Maybe Coinebase should say that the username, password or 2fa doesn’t match. This wouldn’t say specificly what’s wrong, but yet the user could again try a different password.
Since this error message happens with an invalid password, maybe just saying that the credentials entered doesn’t match records and move on.
Coinbase does not indicate there’s a breach at this time.
Coinbase to fix 2FA account activity entry freaking out users is the article.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.