If you offer some kind of flag that can authenticate without the second factor then the whole system is moot. I.e. an attacker can fake/spoof the user agent or whatever flag you're using, the reason its OK to skip the…
If you offer some kind of flag that can authenticate without the second factor then the whole system is moot. I.e. an attacker can fake/spoof the user agent or whatever flag you're using, the reason its OK to skip the…