Hacker News
How I Stole Someone's Bitcoin With Ease (tuangeek.com)
3 points by tuangeek 1990 days ago
1 comment

> There were some security measures of course. Before I can save the changes it required me to pass a 2fa. Again, because I own the email I had no issues getting past this little challenge.

Wait, that's not how 2fa is supposed to work, is it?

Ideally no. You want a 2fa to be different from your email. But it comes down to the user if they want to enable it or not. If they don't have it enabled, the services default to sending a code to the user's primary email. My guess is to prevent people from being compromised from malicious sessions.