HACKER Q&A
📣 prmph

Why do some services allow you to routinely bypass 2FA?


On GitHub, I have 2FA active. Whenever I try to perform some sensitive action, I'm presented with a 2FA challenge. But there is the option to simply use your password, at the bottom, which I have used frequently.

So why present the 2FA prompt at all if I can simply choose to not use it? Maybe I have that option because I'm accessing from a registered browser. Whatever the case, it's a redundant prompt.

I've seen this pattern on other online services, for example, Wise.com.


  👤 josefresco Accepted Answer ✓
My hosting provider used to let me bypass 2FA because they "fingerprinted" my browser (whatever that means). Thankfully they've dropped that insane idea and now force 2FA every login.