Ciro Santilli

Google 2FA app token can be updated without checking the old 2FA

Ermm, as of February 2021, I was able to update my 2FA app token with the password alone; it did not ask for the old 2FA.

So what's the fucking point of 2FA then? An attacker with my password would be able to log in by doing that!

Is it that Google trusts that particular action because I used the same phone/known IP or something like that?