> We also independently reproduced and verified the bug, albeit with mixed results. In some cases the bug would work, and in others the bug would fail, with nothing obvious to determine why.
The state of the attention economy is truly depressing.
Ensign said the company uses "machine learning to enforce risk-based authentication by default for all rider and driver accounts." The company uses hundreds of signals -- first revealed by Gizmodo in 2016 -- to detect potentially suspicious behavior, like unauthorized logins and fraudulent rides."
If true, this makes sense because a legitimate login that is hampered by 2fa turned on every time for basic actions that generate revenue costs the company money. So long as customers' happiness and usage frequency keeps going up and to the right quickly, this is a non-story of a company trying to engineer an optimal solution to authentication.
I'm pretty sure similar machine learning solutions are used at Google, Facebook and Amazon, since I can only intermittently trigger 2fa with all these other companies as well. Only certain actions like managing security settings always require 2fa.