by bawolff 2167 days ago
Almost all internet companies have internal tools to disable 2FA. People destroy/break/etc their phones constantly and need it reset.

2FA is meant to protect against someone impersonating you. It is not designed to protect against a malicious insider at the org you are trying to prove your identity to.

1 comment

But operations like that should require a second randomly chosen individual to verify.

The reality is the public loses credentials and keys all the time, and at most companies, security takes a back seat to convenience and customer service.