In forgotten password is asking user their TOTP among other details secure?
I have started to work on the Forgotten password feature on my website. Based on OWASP Forgot Password cheatsheet, the user should provide enough information to confirm that it is really them.
The system currently is working as follows:
T… Continue reading In forgotten password is asking user their TOTP among other details secure?