How could 2FA be disabled if you need 2FA in order to login to disable it and my free OTP+ is biometric protected?

  • Scrubbles
    link
    fedilink
    English
    43 months ago

    ITT OP learns that 2FA is just a token stored on a server, and that server is in control by other people

    • LightscriptionOP
      link
      fedilink
      13 months ago

      This is what I thought. I keep telling people they don’t exclusively own their passwords / security tokens once they give it to a site. Salted hashes to obscure the pw don’t even matter since the admin could also bypass that. Tanks for the validation.

      • Prison Mike
        link
        fedilink
        33 months ago

        And you better pray the website owner (websites in general, not Lemmy specifically) at least hashes your password.

        • LightscriptionOP
          link
          fedilink
          23 months ago

          yes, the more layers of security, the better, even if it is just a futile matter of time to consume the time of an ATP.