|
|
|
|
|
|
by close04
2174 days ago
|
|
|
While it can help you get out of a bind if you misplaced your 2FA token/app, changing any security parameters (especially when reducing security)should require entering all authentication methods enabled for the account. Imagine how changing a password requires the old password, not just the new one. At the very least they could make it configurable, let the user decide if they want to be able to turn off 2FA without being asked for a confirmation token. |
|
|