Comment by basisword

3 hours ago

>> The simple fact that 2FA can be removed by low level support staff drives me mad. It defeats the whole purpose of the process.

The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged in account holder) defeats the entire point.

What if I don't want to lose my account if I lose my 2FA? Then I don't enable 2FA, presumably. But some security guy at your company is forcing me to enable 2FA or you'll just lock my account until I do.

> The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged in account holder) defeats the entire point.

At least make it a major pain in the ass to recover like AWS, which requires some kind of notarised identity verification [1].

[1] https://news.ycombinator.com/item?id=13122723

In theory there is no difference between theory and practice, but in practice there is. Well, it gets complicated quickly when a wide range of users is involved.

I always thought the entire concept of even password resets was absurd. Email is a huge SPOF for basically everyone.

If you lose your password or 2FA, you should lose your account, too bad so sad.

  • Completely unrealistic. Stuff happens. Email accounts get closed for no reason. People lose their phones, or have them stolen. Lots of reasons why someone might need an exceptional account recovery process.

    Not saying it should be easy or routine, it should not be. But it must be possible.

    • That's what recovery codes are for. Unfortunately it seems a lot of 2FA is now implemented without recovery codes.