Comment by Telaneo
11 hours ago
Not add 2fa automatically, but instead prompt with options to add it.
This probably doesn't comply with the relevant recommendations, but cutting a user of from their email is worse in my opinion.
11 hours ago
Not add 2fa automatically, but instead prompt with options to add it.
This probably doesn't comply with the relevant recommendations, but cutting a user of from their email is worse in my opinion.
I'm sure Google prompted author for years begging to turn the 2FA on, as well as warning that they will enforce it on day X. Author ignored them all.
That doesn't make forcing it any less wrong.
Why is 2FA so critical it’s worth proactively breaking the user? What’s the even more bad thing that would (not could) happen to the user if 2FA was not enabled?
Password database leaks turning into spam/proxy farms of very well aged accounts.