04-20-2025, 01:26 AM
最近在使用 Hostinger 的過程中,遇到一個讓人摸不著頭緒的小插曲。事情不大,但如果你跟我一樣偏好簡單乾脆的登入流程,可能會忍不住吐槽:「怎麼越安全越麻煩」?
? 表面關了,實際還在
Hostinger 提供兩種兩步驗證(2FA)方式:
- 用手機 App(像 Google Authenticator)
- 用 Email 驗證碼
我進入後台,將這兩種驗證方式都「關閉」了,畫面上也確實顯示為「Enable」按鈕閃爍,代表目前沒有啟用任何一種。
照理說,下一次登入應該就不會再跳出兩步驗證提示了吧?
錯。
下次登入時,系統依然跳出 Email 驗證畫面,並提示:「我們已發送驗證碼到你的信箱,請輸入才能登入。」這封信我是有收到的,並不是信件寄送問題。
但重點來了:為什麼我明明關掉的驗證,還會自動跳出?
整體看起來像是一個邏輯設計問題,或說是系統 bug。前端顯示沒開,但後端還是強制執行。
? 測試方法:使用 Google 帳號登入
為了測試是否有其他方法繞過這個自動跳出驗證的流程,我試著使用 Hostinger 的「以 Google 帳號登入」功能。
結果真的成功!沒有再出現驗證畫面,直接登入後台。
不過我要強調:這只是一個臨時測試用途的方式。不建議長期依賴 Google 登入作為唯一的登入手段,因為從資安角度來說,不夠穩妥。尤其對於管理網站或使用者資料的帳號,更應該使用專門的驗證機制。
✅ 我的建議如下:
- Hostinger 的 Email 驗證功能沒問題,信件寄送正常
- 問題在於:即使你在後台手動「關閉」2FA,實際上仍會被強制執行
- Google 登入確實能繞過這個畫面,但建議僅作為測試或緊急登入用途
- 最安全的做法還是:重新開啟其中一種 2FA 機制(建議使用 App 驗證),確保帳號安全
這次的經驗讓我學到:安全設定不只是看你「有沒有設」,還要看系統「有沒有真的執行或停用」。Hostinger 的這個小 bug 希望未來可以優化,否則真的容易讓使用者一頭霧水。
如果你也遇過類似的狀況,或找到更好的處理方法,歡迎交流!
(本文版權所有,禁止任何形式的轉載與抄襲)
While using Hostinger recently, I ran into a surprisingly annoying issue with their Two-Factor Authentication (2FA) settings. It’s one of those times where a feature meant to improve security ends up causing unnecessary confusion.
? 2FA Says It's Off… But It’s Still There
Hostinger offers two 2FA methods:
- Mobile app authentication (e.g., Google Authenticator)
- Email verification code
I manually disabled both options in the security settings. The interface clearly showed “Enable” for both — meaning 2FA should be off.
That’s what I thought.
But the next time I logged in, Hostinger still prompted me with an email verification message saying:
“We've sent a verification code to your email. Please enter it to continue.”
To be clear, I did receive the email, so the issue isn’t with delivery.
The problem is: Why is 2FA still being enforced when it's turned off?
It feels like a system bug — the UI says it’s disabled, but the backend still enforces verification.
? Temporary Workaround: Google Login
To test other options, I tried logging in via Google (using the “Sign in with Google” button).
Surprisingly, it worked. No email verification screen popped up, and I was logged in successfully.
However, this is just a temporary workaround for testing.
I don’t recommend relying on Google login as a long-term method, especially for important accounts. For account security, a dedicated and clearly managed 2FA method is much more reliable.
✅ My Recommendations:
- Hostinger’s email verification works fine — no delivery issues
- The real problem is that even when you disable 2FA, it still triggers verification
- Google login can bypass the 2FA screen, but should only be used as a temporary solution
- For best security, re-enable one form of 2FA (preferably app-based) to ensure your account remains protected
This experience taught me that security settings aren't just about what you turn on or off — it’s about whether the system actually respects those settings.
Let’s hope Hostinger addresses this issue soon. In the meantime, if you’ve experienced something similar or have a better solution, feel free to share!
(This article is copyrighted, reproduction and plagiarism of any kind are prohibited)
? 表面關了,實際還在
Hostinger 提供兩種兩步驗證(2FA)方式:
- 用手機 App(像 Google Authenticator)
- 用 Email 驗證碼
我進入後台,將這兩種驗證方式都「關閉」了,畫面上也確實顯示為「Enable」按鈕閃爍,代表目前沒有啟用任何一種。
照理說,下一次登入應該就不會再跳出兩步驗證提示了吧?
錯。
下次登入時,系統依然跳出 Email 驗證畫面,並提示:「我們已發送驗證碼到你的信箱,請輸入才能登入。」這封信我是有收到的,並不是信件寄送問題。
但重點來了:為什麼我明明關掉的驗證,還會自動跳出?
整體看起來像是一個邏輯設計問題,或說是系統 bug。前端顯示沒開,但後端還是強制執行。
? 測試方法:使用 Google 帳號登入
為了測試是否有其他方法繞過這個自動跳出驗證的流程,我試著使用 Hostinger 的「以 Google 帳號登入」功能。
結果真的成功!沒有再出現驗證畫面,直接登入後台。
不過我要強調:這只是一個臨時測試用途的方式。不建議長期依賴 Google 登入作為唯一的登入手段,因為從資安角度來說,不夠穩妥。尤其對於管理網站或使用者資料的帳號,更應該使用專門的驗證機制。
✅ 我的建議如下:
- Hostinger 的 Email 驗證功能沒問題,信件寄送正常
- 問題在於:即使你在後台手動「關閉」2FA,實際上仍會被強制執行
- Google 登入確實能繞過這個畫面,但建議僅作為測試或緊急登入用途
- 最安全的做法還是:重新開啟其中一種 2FA 機制(建議使用 App 驗證),確保帳號安全
這次的經驗讓我學到:安全設定不只是看你「有沒有設」,還要看系統「有沒有真的執行或停用」。Hostinger 的這個小 bug 希望未來可以優化,否則真的容易讓使用者一頭霧水。
如果你也遇過類似的狀況,或找到更好的處理方法,歡迎交流!
(本文版權所有,禁止任何形式的轉載與抄襲)
While using Hostinger recently, I ran into a surprisingly annoying issue with their Two-Factor Authentication (2FA) settings. It’s one of those times where a feature meant to improve security ends up causing unnecessary confusion.
? 2FA Says It's Off… But It’s Still There
Hostinger offers two 2FA methods:
- Mobile app authentication (e.g., Google Authenticator)
- Email verification code
I manually disabled both options in the security settings. The interface clearly showed “Enable” for both — meaning 2FA should be off.
That’s what I thought.
But the next time I logged in, Hostinger still prompted me with an email verification message saying:
“We've sent a verification code to your email. Please enter it to continue.”
To be clear, I did receive the email, so the issue isn’t with delivery.
The problem is: Why is 2FA still being enforced when it's turned off?
It feels like a system bug — the UI says it’s disabled, but the backend still enforces verification.
? Temporary Workaround: Google Login
To test other options, I tried logging in via Google (using the “Sign in with Google” button).
Surprisingly, it worked. No email verification screen popped up, and I was logged in successfully.
However, this is just a temporary workaround for testing.
I don’t recommend relying on Google login as a long-term method, especially for important accounts. For account security, a dedicated and clearly managed 2FA method is much more reliable.
✅ My Recommendations:
- Hostinger’s email verification works fine — no delivery issues
- The real problem is that even when you disable 2FA, it still triggers verification
- Google login can bypass the 2FA screen, but should only be used as a temporary solution
- For best security, re-enable one form of 2FA (preferably app-based) to ensure your account remains protected
This experience taught me that security settings aren't just about what you turn on or off — it’s about whether the system actually respects those settings.
Let’s hope Hostinger addresses this issue soon. In the meantime, if you’ve experienced something similar or have a better solution, feel free to share!
(This article is copyrighted, reproduction and plagiarism of any kind are prohibited)