by ryanseys 2052 days ago
Then break the legion of builds in the name of security.

That seems along the lines of "I can just turn off the ability to log in to prevent account hacking!" level of security thinking.
If your choices are "disable all logins" or "anybody can log into my bank account and make whatever transfers they want", the correct choice is the former. (Obviously I would prefer a third option, where the company actually fixed the login bug sometime during the 104-day lead-up, but that's not the point.)
For some accounts you do exactly that if you have to.
What if we could have both, just by sending an email? Hit compose underlying!