Two-factor authentication questions

  • Hi,

    I tried enabling two-factor authentication, and I have a couple of questions.

    First, is there a time limit on the authentication codes? With many websites and services that use two-factor authentication, a generated code sent via text or email expires after a specific period of time (10 to 15 minutes seems typical). Is there an expiry time for these codes?

    Second, I note that after entering the code and logging into the dashboard, there is an additional cookie: itsec_interstitial_browser. I presume that this cookie records the actual authentication, which raises two additional questions:
    a) Is this a session cookie or does it have some other normal duration? (This is hard for me to confirm because my browser is set up to delete all cookies at the end of session, so unless I disable several settings, all cookies are functionally session cookies for me.)
    b) What information is included in the hashed value this cookie contains?

    Third, if I use email codes (not a mobile app) or generate backup authentication codes, are they generated by my server locally, or does the process involve any communication with iThemes or any other third-party service?

    Thanks!

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Two-factor authentication questions’ is closed to new replies.