All too vulnerable.

Because I have my browser set to flush everything on exit, every time I login to outlook online I get 4 login options

1. User face, fingerprint, PIN or security key

2. Approve sign-in with mobile app

3. Use your password

4. Send a code to alternate email.

I can also get a 5th option,

5. Send a code to my cellphone

Essentially, someone only needs one of these things to access my email.

My security is convenience.

On Friday, 27 March 2026 at 04:14:24 pm NZDT, Lawrence D'Oliveiro <ldo@geek-central.gen.nz> wrote:

On Fri, 27 Mar 2026 02:57:54 +0000 (UTC), Simon Travaglia wrote:

> This has been something I've thought about a lot recently.The only

> "foolproof" method I've come up with is to ask the person something

> obscure that they would know, like what was the name of the pub that

> you used to work at?

That kind of thing is vulnerable to a “man-in-the-middle” attack.

_______________________________________________

wlug mailing list -- wlug@list.wlug.org.nz

To unsubscribe send an email to wlug-leave@list.wlug.org.nz