![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/ca9b0de3-205f-47ca-a620-5fbddb680695.png)
So obviously the saved state in the app wasn’t actually expired, since it could still approve MFA requests. So what good is it expiring biometric auth if the app is still authorized to log me in effectively bypassing MFA?
I love this and hate this so much
And that’s why companies spend money on marketing lol