by tluyben2 2095 days ago
> and just did an email change + password reset on the original account.

But isn't that why the user had 2FA on? Why can someone change the email and switch off 2FA; you would want only one of these, would you not? If you tell support you lost your email and 2FA, that would be very unlikely, so why would it be so easy to set that up?

Are there immutable logs with credentials for this kind of action, and how easy is it for employees to access / change them? I mean, why would many people have the permission to take this action, especially without some kind of flag that there is something up with the account (like unused, flagged content, etc.)?

1 comments
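The controls the comment above asks about (one credential-recovery change per request, a role check on who may perform it, a hold on accounts carrying a risk flag, and a tamper-evident log that records which employee did what) can be sketched as a small support-console policy. This is an added illustration, not code from the thread or from any particular service; the role name `recovery_admin`, the action names, the flag names and the ticket/agent identifiers are all constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Changes that, taken together, would hand an account to whoever requested them.
SENSITIVE = {"change_email", "disable_2fa", "change_2fa_phone"}
GENESIS = "0" * 64


class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one.
    Editing or deleting an earlier entry breaks verify(), so tampering is detectable
    (in production the head hash would also be anchored outside the console's reach)."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})
        return digest

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            body = json.dumps(entry["record"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


@dataclass
class Account:
    user_id: str
    email: str
    twofa_enabled: bool = True
    # Constructed flag names, e.g. {"dormant", "content_flagged"}.
    risk_flags: set = field(default_factory=set)


@dataclass
class Agent:
    agent_id: str
    roles: set


def evaluate_request(agent, account, actions, log, ticket):
    """Decide whether a support request may be applied; returns (allowed, reason).
    Every decision, allowed or denied, is logged with the agent's identity."""
    requested = set(actions) & SENSITIVE
    allowed, reason = True, "ok"
    if requested and "recovery_admin" not in agent.roles:
        allowed, reason = False, "agent lacks the recovery_admin role"
    elif len(requested) > 1:
        # Email change and 2FA removal must be separate requests, so one
        # ticket can never both redirect recovery and remove the second factor.
        allowed, reason = False, "only one credential-recovery change per request"
    elif requested and account.risk_flags:
        allowed, reason = False, "account has risk flags %s; second approver required" % sorted(account.risk_flags)
    log.append({"ticket": ticket, "agent": agent.agent_id, "user": account.user_id,
                "actions": sorted(actions), "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    # Constructed sample data.
    log = AuditLog()
    admin = Agent("agent-7", {"recovery_admin"})
    acct = Account("u-1", "old@example.invalid")
    print(evaluate_request(admin, acct, ["change_email", "disable_2fa"], log, "T-1"))
    print(evaluate_request(admin, acct, ["change_email"], log, "T-2"))
    acct.risk_flags.add("dormant")
    print(evaluate_request(admin, acct, ["disable_2fa"], log, "T-3"))
    print("log intact:", log.verify())
```

The hash chain does not stop a privileged insider from appending a false entry; it makes silent edits and deletions of earlier entries detectable, which is the property the "immutable logs" question is after. Restricting `recovery_admin` to a small group and refusing combined changes narrows who can take the action and forces a second, logged interaction for the full takeover path.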

I'd assume CS has the possibility to disable 2FA or change the phone number it's associated to.