Require 2FA confirmation to change password
Changing your password should not just require your last password, but also a confirmation of your 2FA.
This would help prevent account takeovers when someone hijacks an already trusted device with malware or social engineering.
5
-
Yup, exactly.
0 -
100% this, I wouldn't have just lost my account if this common feature was in Discord.
0 -
I've seen friends lose their accounts because someone hijacked their browser token. 2FA *SHOULD* prevent this, but the attackers were able to change their passwords and emails without any kind of 2FA challenge. This has to change.
0