A discussion of weaknesses in two-factor authentication, how developers can accidentally put his vulnerability in their code, and how bad actors take advantage.