Hacker News

Literally no other online service (or their security engineers) has arrived at this conclusion. Changing a password has always required knowledge of the password, and disabling 2FA has always required a 2FA check precisely to defeat token attacks.



It's even worse on iOS. You can reset your Apple account password using the 6-digit code of your iPhone even if 2FA is enabled.



