Do you know how 2FA could be disabled on Lemmy without consent?
Do you know how 2FA could be disabled on Lemmy without consent?
How could 2FA be disabled if you need 2FA in order to login to disable it and my free OTP+ is biometric protected?
You're viewing a single thread.
ITT OP learns that 2FA is just a token stored on a server, and that server is in control by other people
This is what I thought. I keep telling people they don't exclusively own their passwords / security tokens once they give it to a site. Salted hashes to obscure the pw don't even matter since the admin could also bypass that. Tanks for the validation.
And you better pray the website owner (websites in general, not Lemmy specifically) at least hashes your password.
yes, the more layers of security, the better, even if it is just a futile matter of time to consume the time of an ATP.