From a security standpoint, is it OK to pass a two-factor code via query strings on a GET request?
Let’s say I have a protected resource that I want to fetch. The use
