2fa.directory API #62
Comments
|
Sorry, just found the option to disable. |
|
Actually I'm loading not the website but a vey specific json file (https://2fa.directory/api/v2/tfa.json) and I'm sure that this will not load any other code from any additional website. Nevertheless I might think about looking for alternatives. Where are they listed as malicious? |
Hi @Rookiestyle. The URL 2fa.directory was marked as "suspicous" by several security vendors over the time (see https://www.virustotal.com/gui/domain/www.2fa.directory). I also know of Checkpoint Products, which block the site even today. I would kindly ask you to disable the feature by default, as it is likely to rise alarms in corporate environments. Also the concept of an password manager plugin connecting to internet without prior user consent is likely cause mistrust - even when done with good intentions. |
Thanks for the hint.
I don't get this point. If you download and run the portable version on your company's device, from my point of view alerts are justified - not so much because of 2fa.directory but simply because it's programs accessing the internet which were not installed by your IT department.
Point taken. I updated the readme to make this clear and the next release will explicitly ask whether this feature shall be used. |
While this holds true in a perfect world, I know many companies/customers that need to deal with a less than perfect reality. Convincing them them to stop storing passwords in excel is much more difficult, when the password manager causes alerts in their brand new antivirus 🤪 |
Hi,
I figured out you are using 2fa.dirctory api for checking if 2fa is available.
Unfortunately they are listed as malicious and also they load content from to tdsjsext1.life which also is malicious.
Can you remove or change this API? Or give User an option do disable this API?
Best Regards,
Tim
The text was updated successfully, but these errors were encountered: