If the target was not actively trying to log into GOOD at that exact moment, why... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jghn 7 months ago \| parent \| context \| favorite \| on: Emailing a one-time code is worse than passwords If the target was not actively trying to log into GOOD at that exact moment, why would they treat this as anything other than one of a phishing attempt or spam?

bombcar 7 months ago [–]

Because target WAS trying to login to BAD.

Imagine a "free porn, login here" website, when you put in your gmail address it triggers the onetime code from gmail (assuming it did that type of login) - thousands would give it up for the free porn.

jghn 7 months ago | [–]

Oh I see. Misread the whole scenario.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact