Comment by federiconafria

Yes, it should not be able to skip the safeguards already in place. But we've also seen what happened with the Instagram accounts takeover.

Banking is more strict, but something similar could happen in an Email client: one email could ask the client to forward a confirmation code you just received. An assistant on your phone could be asked by an email to forward SMS confirmations or to open your front door. etc etc.

The flexibility makes it hard to cover all the bases.