Hacker News
by buran77 2166 days ago
> It doesn't require 2FA reauthentication

I'm sorry but that's really being pedantic. Re-authentication is an authentication, again. You can change (remove!) a security factor with no confirmation of that particular factor for that particular action.

> You could say: "You don't need a password to log in to anyone's gmail account"

You could say it and it would be true, just not very interesting as this is exactly what everybody expects. But if you said you are allowed to change the password without entering the old one, it would sound pretty much like what's happening here, no?

Google is not consistent with how they treat the 2 factors (password vs. second factor). At the very least they should make it clear when enabling it under what circumstances it can be disabled. No guarantee people will read, but at least the more security-concerned would. You can defend their decision if you want but contradicting the situation is really not "factual", it's just playing with words.