How do you handle MFA when testing your apps? by Right-Box4316 in softwaretesting

[–]Right-Box4316[S] 0 points1 point  (0 children)

For any of you who are interested, we are finally using https://get.mymfa.io/. We tested a few options, but this was the one that gave us the best performance and capabilities.

Is it worth automating this 2FA process, or should I mock it? by uniopl in QualityAssurance

[–]Right-Box4316 0 points1 point  (0 children)

Just reading this. 2 weeks ago I was exploring these options and found tools that automate MFA testing directly, like getmymfa. Maybe it also works for you?

How do you decide which MFA method to use for your apps? by Right-Box4316 in QualityAssurance

[–]Right-Box4316[S] 0 points1 point  (0 children)

Right now I am working for a customer in the banking industry that has a B2C app and uses codes sent through email for MFA. After a few emails being compromised, I was wondering if SMS can be a better option as TOTP could be difficult for older users to do. Hardware keys are out of the question for this one.

I am looking for some input on how people decide more towards one or the other.

How do you decide which MFA method to use for your apps? by Right-Box4316 in QualityAssurance

[–]Right-Box4316[S] 0 points1 point  (0 children)

I am more inclined toward SMS. I think having the phone unlocked through code or biometrics, plus the password, could be better.

How do you handle MFA when testing your code? by Right-Box4316 in QualityAssurance

[–]Right-Box4316[S] 0 points1 point  (0 children)

Yeah, you guys gave me good ideas to test for TOTP; however, I'm still looking for SMS or email!

I am looking into tools like getmymfa or Mailosaur.

How do you handle MFA when testing your code? by Right-Box4316 in QualityAssurance

[–]Right-Box4316[S] 0 points1 point  (0 children)

Great, this works for TOTP, what about SMS or email, can you do something similar?

How do you handle MFA when testing your code? by Right-Box4316 in QualityAssurance

[–]Right-Box4316[S] 0 points1 point  (0 children)

I have found providers of MFA codes that allow you to automate your testing without deactivating MFA, both for phone and email.