Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
lordlimecat
on July 11, 2020
|
parent
|
context
|
favorite
| on:
Disabling Google 2FA doesn't need 2FA if you're al...
Literally no other online service (or their security engineers) have arrived at this conclusion. Changing password has always required knowledge of the password, and disabling 2fa has always required a 2fa check precisely to defeat token attacks.
anon91
on July 11, 2020
[–]
It's even worse on iOS. You can reset your Apple account password using the 6 digits code of your iPhone even if 2FA is enabled.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: