Y
Hacker News
new
|
ask
|
show
|
jobs
by
weird-eye-issue
1042 days ago
You've never done a password reset? That goes to your
email
. If your 2FA is over
email
too then that isn't 2FA. Because you
only need the email
to take over an entire account
1 comments
rkeene2
1033 days ago
So I see the problem now, your model includes a hidden assumption that password resets go to email -- this is not always the case.
link