basisword 4 hours ago
>> The simple fact that 2FA can be removed by low-level support staff drives me mad. It defeats the whole purpose of the process. The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged-in account holder) defeats the entire point.
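The policy argued for above, as an added example that is not part of the thread and not any particular site's code: the only fallback for a lost authenticator is a single-use recovery code, and the only path that removes 2FA is an owner session that passed a second-factor check within the last few minutes. There is deliberately no support-staff override function at all. The account, session and window values are constructed for illustration; the TOTP routine follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits).

```python
"""Constructed example: 2FA with hashed single-use recovery codes and no
out-of-band removal path. Not production code; names are illustrative."""
import hashlib
import hmac
import secrets
import struct
import time
from typing import List, Optional, Set, Tuple

TOTP_STEP = 30
TOTP_DIGITS = 6
REAUTH_WINDOW = 300   # seconds a fresh second-factor check stays valid for sensitive actions
PBKDF2_ROUNDS = 100_000


def totp(secret: bytes, at: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def _hash_code(code: str) -> str:
    # Recovery codes are high-entropy random strings, so a plain SHA-256 is enough here.
    return hashlib.sha256(code.encode()).hexdigest()


class Session:
    def __init__(self, username: str, mfa_verified_at: Optional[float]):
        self.username = username
        self.mfa_verified_at = mfa_verified_at   # None if the login used no second factor


class Account:
    def __init__(self, username: str, password: str):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        self.totp_secret: Optional[bytes] = None
        self.recovery_hashes: Set[str] = set()

    def enable_2fa(self, n_codes: int = 8) -> Tuple[bytes, List[str]]:
        """Returns the TOTP secret and plaintext recovery codes; show them once, store only hashes."""
        self.totp_secret = secrets.token_bytes(20)
        codes = [secrets.token_hex(5) for _ in range(n_codes)]
        self.recovery_hashes = {_hash_code(c) for c in codes}
        return self.totp_secret, codes

    def _check_password(self, password: str) -> bool:
        h = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(h, self.pw_hash)

    def login(self, password: str, totp_code: Optional[str] = None,
              recovery_code: Optional[str] = None, now: Optional[float] = None) -> Optional[Session]:
        """Password plus either a current TOTP code or one unused recovery code; anything else fails."""
        now = time.time() if now is None else now
        if not self._check_password(password):
            return None
        if self.totp_secret is None:
            return Session(self.username, None)
        if totp_code is not None:
            expected = totp(self.totp_secret, int(now))
            if hmac.compare_digest(totp_code.encode(), expected.encode()):
                return Session(self.username, now)
            return None
        if recovery_code is not None:
            h = _hash_code(recovery_code)
            if h in self.recovery_hashes:
                self.recovery_hashes.discard(h)   # single use: burn it on success
                return Session(self.username, now)
        return None

    def disable_2fa(self, session: Session, now: Optional[float] = None) -> None:
        """Only the account holder, with a recent second-factor check, may remove 2FA."""
        now = time.time() if now is None else now
        if (session.username != self.username
                or session.mfa_verified_at is None
                or now - session.mfa_verified_at > REAUTH_WINDOW):
            raise PermissionError("2FA removal requires the owner's session with a fresh second-factor check")
        self.totp_secret = None
        self.recovery_hashes.clear()
```

Note that a lost authenticator plus exhausted recovery codes leaves no `login` branch that succeeds, which is exactly the outcome the comment asks for; the cost is that the site has to accept those lockouts rather than route them to a help desk.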
ValentineC 3 hours ago
> The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged-in account holder) defeats the entire point.

At least make it a major pain in the ass to recover, like AWS, which requires some kind of notarised identity verification [1].
pocksuppet 2 hours ago
What if I don't want to lose my account if I lose my 2FA? Then I don't enable 2FA, presumably. But some security guy at your company is forcing me to enable 2FA, or you'll just lock my account until I do.
MarleTangible 4 hours ago
In theory there is no difference between theory and practice, but in practice there is. Well, it gets complicated quickly when a wide range of users is involved.
robinpie 4 hours ago
I always thought the entire concept of even password resets was absurd. Email is a huge SPOF for basically everyone. If you lose your password or 2FA, you should lose your account, too bad so sad.