Well yeah. If the recovery process is weaker than regular authentication, that's what bad guys will use for account takeover. You don't want to lose Gmail because someone brute-forced your backup code?
It would not be weaker than usual authentication... you would still need username and password.
Not sure why companies nowadays rely on your tiny device to provide a second password. Both my passwords and 2FAs are on that device, what security does it add?
And why do they need a password if they are going to require Timestamped-2FAs anyways?
authed|4 years ago