Hacker News
by CommodoreCrunch 950 days ago
But how are they getting into the account to begin with? Enabling PGP would prevent at least one method of password reset and they wouldn't get as far as the settings screen.

You could make the same case against 2FA. Most sites don't require email verification when you enable it. Someone with your password could lock you out by adding a TOTP app. But I wouldn't consider that a vulnerability. It is, if anything, a consequence of not locking down the account in the first place.