2 Factor Authentication
- Thread starter kes601
- Start date
- Joined
- Nov 15, 2008
- Messages
- 44,955
The only way for one to have gotten in is with a verified number or email as part of your account that matched with MDE.
So, the only way for someone to have those would have been to hack into that system first and change the number or email.
I doubt there was any level of breach since there was still one layer, which is what we are back to
KAT4DISNEY
Glad to be a test subject
- Joined
- Mar 17, 2008
- Messages
- 28,402
Much of your personal info that is available on the DVC site is also recorded with Orange County and anyone can search there.
I don't think this was a breach. Just a failure in something new that is probably unnecessary anyway - at least for DVC since we're out in the open via public records.
nightwing12
Mouseketeer
- Joined
- Apr 29, 2013
- Messages
- 127
unbelievable their fix for the no password needed is to roll back 2FA.. id love to meet the person in charge of their tech because they are really bottom of the barrel. there are so many out of the box auth tools they could use, instead they roll their own that doesnt work..
CarolynFH
DIS Legend
- Joined
- Jan 5, 2000
- Messages
- 19,469
There was no breach. Their 2FA process didn't work, so they went back to password as before.
“During this transition, we learned that one aspect of the process was not working the way we originally intended. Therefore, we have made the decision to revert to the previous login process, and plan to implement additional enhancements in the coming months.”
My point is they don’t give us any real info and only tell us one aspect of the process was not working. What aspect was it? Wasn’t the point of this change to make our accounts more secure?
Pardon my skepticism but after receiving multiple communications in the past regarding my CC “may have been compromised” while staying at DVC properties, along with subsequent multiple identity theft issues I get concerned with vague communications like this.
My point is they don’t give us any real info and only tell us one aspect of the process was not working. What aspect was it? Wasn’t the point of this change to make our accounts more secure?
Pardon my skepticism but after receiving multiple communications in the past regarding my CC “may have been compromised” while staying at DVC properties, along with subsequent multiple identity theft issues I get concerned with vague communications like this.
wdw4rfam
DVC Member/AP holder
- Joined
- Feb 25, 2011
- Messages
- 5,323
All I know is I’m glad it’s gone. My son and I were logging in probably 20-30 times a day at least while stalking for the last night we needed. When they switched to this he couldn’t check anymore while I was at work because I had my phone. They lifted this and within one day we got that night by stalking again. Caught it before the waitlist.
CarolynFH
DIS Legend
- Joined
- Jan 5, 2000
- Messages
- 19,469
People didn’t have to enter their passwords - they could enter a single letter or number and receive the text or email with the code. So instead of 2 factor authentication (password plus code), it was 1 factor authentication (code only). IOW, not working as they wanted it to.
kes601
DIS Veteran
- Joined
- Oct 29, 2018
- Messages
- 2,704
In theory, yes, but if you will read the thread you will see their implementation did not work. You could type anything in for the password and get to the 2FA page.
-
Disney's No-Bake Granola Bar Recipe From the Contemporary
-
There's NOTHING Like a Disneyland Churro & There Are NEW Ones Coming!
-
Disney Debate: The Magic vs. the Money of a Disney Vacation
-
Why You Should Visit Epic Universe Right NOW
-
Stopping Into 'The Plastered Owl' Bar at Epic Universe
-
Disneyland's Brewing Up NEW Cold Brew Coffee Drinks Next Week
-
Bring Dirty Sodas to the New Pirates of the Caribbean Tavern
