Shouldn't repeated failed 2FA login attempts trigger a notification to the user? Or password OK, 2FA failed login attempts at a different location that the user normally is at?
I mean if there's repeated login attempts where the password is correct but the 2FA is not that's a pretty good indication that the password may be compromised. I'd like to be notified of that.
I mean if there's repeated login attempts where the password is correct but the 2FA is not that's a pretty good indication that the password may be compromised. I'd like to be notified of that.