by jameswestgate
1074 days ago
The email is a replacement factor for the password, so this is still 1FA. This would also be an issue if email was a recovery factor for either password or MFA. I always advise people to MFA their email accounts because that’s where all password resets are sent, making it a single target for many account takeovers.