| ▲ | nottorp 4 days ago | |
> With that in mind, at a glance the idea of changing your two-factor auth credentials "for security reasons" isn't completely unreasonable. No? How do you change your 2FA? Buy a new phone? A new Yubikey? | ||
| ▲ | croemer 4 days ago | parent [-] | |
For TOTP it's as simple as scanning a new QR code. I agree that rotating 2FA should ring alarm bells as an unusual request. But that requires thinking. | ||