I am being daft or does Claude really only give "magic link" sign up options?
-
I am being daft or does Claude really only give "magic link" sign up options?
-
I am being daft or does Claude really only give "magic link" sign up options?
Apparently not wtf
-
Apparently not wtf
@jsmall Yeah, why would someone want to make sure that if their email box got pwned that all of their their LLM context was still safe?
-
R relay@relay.infosec.exchange shared this topic
-
@jsmall Yeah, why would someone want to make sure that if their email box got pwned that all of their their LLM context was still safe?
The fact that Anthropic closed (as a WONTFIX) this request for adding TOTP to the Claude email magic link flow, locking the thread with no commentary ... speaks volumes, unfortunately. I'm not getting strong "for the benefit of humanity" vibes.
Again, why would someone want to make sure that if their email box got pwned ... all of their LLM context was still safe?
οΈAuth: Add 2FA requirement to magic link login flow Β· Issue #12480 Β· anthropics/claude-code
Summary Add 2FA (TOTP) verification requirement to magic link login when users have mfaPreference.twoFA enabled, matching the security of password login. Current Behavior Password login (post-login-password.ts) checks mfaPreference.twoFA...
GitHub (github.com)
-
The fact that Anthropic closed (as a WONTFIX) this request for adding TOTP to the Claude email magic link flow, locking the thread with no commentary ... speaks volumes, unfortunately. I'm not getting strong "for the benefit of humanity" vibes.
Again, why would someone want to make sure that if their email box got pwned ... all of their LLM context was still safe?
οΈAuth: Add 2FA requirement to magic link login flow Β· Issue #12480 Β· anthropics/claude-code
Summary Add 2FA (TOTP) verification requirement to magic link login when users have mfaPreference.twoFA enabled, matching the security of password login. Current Behavior Password login (post-login-password.ts) checks mfaPreference.twoFA...
GitHub (github.com)
Why not just make it opt-in?
-
@jsmall Yeah, why would someone want to make sure that if their email box got pwned that all of their their LLM context was still safe?
@tychotithonus @jsmall You can use a google account. I believe enterprise has SSO.
-
@tychotithonus @jsmall You can use a google account. I believe enterprise has SSO.
Ah, sure. My reply to that, as always, is:
The SSO Wall of Shame
A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
The SSO Wall of Shame (sso.tax)
