2FA, or two-factor authentication - Number is stored!!!

Molecule88

Junior Member
Joined
May 21, 2013
Messages
81
Reaction score
0
Hi,

i have tried to register one more account for my partner using my mobile number but encountered this below: (1st & 2nd account registered long time ago, have already lost the email), this is my third account.

When I try to register for my partner, it prompt this.

"You can only reuse a number up to 3 times for 2FA authentication"

HWZ mentioned our mobile number will not be stored but in fact it is stored. Trying to bluff us???? What your take?

2FA, or two-factor authentication requires you to verify your registration with us using your mobile phone. We will drop you a code for you to complete your registration.

This feature is implemented to improve the security of your HardwareZone account. Your mobile number will not be stored with us and is used solely for registration authentication.

If you encounter any difficulties in the course of your registration, you can email us at: membership@hardwarezone.com.sg
 

Zangief

Great Supremacy Member
Joined
Nov 24, 2012
Messages
63,986
Reaction score
13,707
I have created a thread on this sometime ago too, glad u realised it.

nick tied to number, big brother is watching. :D
 

lilith

Banned
Joined
Apr 25, 2001
Messages
104,526
Reaction score
0
such a big forum also lieing????

Big companies like BP do it. Why should smaller companies be any diff if they can get away with it? You ever heard of an individual sue company here and successful? Yet there are thousands of complaints to CASE.

Privacy laws here are non-existent, unless u are a certain group of people.
 

Molecule88

Junior Member
Joined
May 21, 2013
Messages
81
Reaction score
0
Big companies like BP do it. Why should smaller companies be any diff if they can get away with it? You ever heard of an individual sue company here and successful? Yet there are thousands of complaints to CASE.

Privacy laws here are non-existent, unless u are a certain group of people.

You mean got individual sue company here and successful??
 

kingtrade

Banned
Joined
Feb 13, 2004
Messages
26,279
Reaction score
0
Hi,

i have tried to register one more account for my partner using my mobile number but encountered this below: (1st & 2nd account registered long time ago, have already lost the email), this is my third account.

When I try to register for my partner, it prompt this.

"You can only reuse a number up to 3 times for 2FA authentication"

HWZ mentioned our mobile number will not be stored but in fact it is stored. Trying to bluff us???? What your take?

I think they are trying to play with words.

They might not really store the mobile number in their database but they have outsourced their 2FA authentication service to a vendor (I doubt SPH have an inhouse team to run such service), who likely store the number in their database.
 

Molecule88

Junior Member
Joined
May 21, 2013
Messages
81
Reaction score
0
I think they are trying to play with words.

They might not really store the mobile number in their database but they have outsourced their 2FA authentication service to a vendor (I doubt SPH have an inhouse team to run such service), who likely store the number in their database.

I doubt so. Taken a quick glance at the source code. I think the number is stored in-house.

var req = new Request({
url: '/register.php',
onSuccess: function(responseText) {
// OK: a new 2fa code, OK_PREVIOUSLY: received 2fa code previously, same client, hasn't verified
if(responseText == 'OK' || responseText == 'OK_PREVIOUSLY') {
// show resend button, next step portion and step notice, hide request button and "Requesting..." message
$('resendBtn').style.display = 'inline';
$('requestBtn').setStyle('display', 'none');
$('hwz_2fa_step2').setStyle('display', 'block');

$('validateBtnWrapper').grab('hwz_2fa_step-notice', 'top');
 

kingtrade

Banned
Joined
Feb 13, 2004
Messages
26,279
Reaction score
0
I doubt so. Taken a quick glance at the source code. I think the number is stored in-house.

This piece of code only shows a typical pass by value function. No one, including you and me, can make an educated guess beyond that the number is passed to a function to perform a check and then return and display the result of the check on the browser.

Unless somehow someone leak some more info, it is quite impossible to tell what and where is the so-called verification system by just looking at this snippet of code .
 
Last edited:
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ Forums. Forum members and moderators are responsible for their own posts. Please refer to our Community Guidelines and Standards and Terms and Conditions for more information.
Top