Image

Image

“The end result is that the user can log in to an account and easily defeat the two-factor prompt, without entering the correct code. That means anyone could log in to your account with just your email address and password, which can be easily obtained if passwords are reused on other sites that have been breached.”In recent years, companies like Facebook, Amazon and Google have implemented 2FA to help improve account security and protect users’ personal information. The security feature is yet to be made available to all Uber users, despite the company testing it on its systems since 2015. Uber Spokesperson Melanie Ensign told ZDNet that the company only uses two-factor “when certain requests are deemed suspicious,” and it is “not an account-wide setting used on every device.” Meanwhile, Uber assured the bug “is not a bypass,” and is “likely caused by the security team’s ongoing testing to evaluate and refine the effectiveness of different techniques” to secure accounts.