Comment by ValentineC
1 hour ago
> The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged in account holder) defeats the entire point.
At least make it a major pain in the ass to recover like AWS, which requires some kind of notarised identity verification [1].
No comments yet
Contribute on Hacker News ↗