[nikolay]

I feel like I should attempt to reach out to Werner Vogels, their CTO, who I respect greatly. I'm sure this is some data migration that went rogue, etc., but a simple mechanism of "remind me later" to a password reset would have fixed the issue. You must not twist the arms of a customer with 2FA enabled to change their password! Also, if the mobile app asks me to change my password, it would be inconvenient as I still prefer desktop browsers for this type of activity. Also, the app on my phone, which has been installed and activated for ages, is effectively another form of 2FA - why was I logged out from there, too?! In general, they are violating many of the modern-day best practices!