by pamcake 164 days ago
Had a close call:

Apparently it's possible to bypass 2FA and do a password reset of a Google account without email access, if the account owner doesn't abort it within 30 days. I confirmed that it works by "pwning myself" afterwards. So keep an eye on your old Gmail inbox if it matters.

3 comments

Never heard of this before, and I think the mail Google sends you specifically says it is safe to ignore it if it didn't come from you.

Has this recently changed?

Apparently?

i.e. -> fake news.

No.

First-hand account.

What? How does this work?