How could 2FA be disabled if you need 2FA in order to login to disable it and my free OTP+ is biometric protected?

  • Lightscription@lemmy.worldOP
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    This is what I thought. I keep telling people they don’t exclusively own their passwords / security tokens once they give it to a site. Salted hashes to obscure the pw don’t even matter since the admin could also bypass that. Tanks for the validation.