• That doesn't actually guarantee that 2FA is needed to login - MSFT is the worst for this, as they allow API access to your email account with a password, predominantly designed for apps to be able to interact with your email.

    i.e. you need 2FA to login, but the bad actor, masquerading as some form of client that is not Outlook/similar, doesn't.

About

Avatar for Dammit @Dammit started