top | item 42630200

(no title)

Oh good find, the link going through Mailgun as a redirect is a recent regression. We have a PR to fix that going live soon.

That said, our security team and I agree there is no security issue here. Mailgun already can see the text of the emails we send.

discuss

dexterdog|1 year ago

How is there no security issue here? Email is not secure and it's even less so when you are sending it via a 3rd party. If this were a photo site or something that would not be a big deal but we're talking about a bank. SMS is not much better. Like somebody said elsewhere in the thread, you should allow people to opt out of insecure third-factor verifications since they are just an annoyance and are ultimately security theater.

apitman|1 year ago

The emails in question are a third factor, not a magic login link.

Even if they were, almost all email goes through third parties which are trusted implicitly. That's not great, but email is the only federated system in existence capable of implementing this type of decentralized login at scale.

Maybe someday we'll be able to use something like Matrix, Fediverse OAuth, or ATProto OAuth instead, but those are all a ways off.

adastra22|1 year ago

It's not security theater. He explained above how this is used to defeat a specific phishing attack that they've actually seen in the wild. There are other, different threat vectors (e.g. compromise of the mail server) that it doesn't prevent. But that doesn't make it theater. as it does provide other value.