When you enable 2FA, why is your second factor required to reset password?

In a conversation with a coworker the other day, I had trouble successfully defending why, when you enable 2FA on a service, you’re required to enter a second factor before changing your password (in, say, a “lost password” f… Continue reading When you enable 2FA, why is your second factor required to reset password?

When you enable 2FA, why is your second factor required to reset password?

In a conversation with a coworker the other day, I had trouble successfully defending why, when you enable 2FA on a service, you’re required to enter a second factor before changing your password (in, say, a “lost password” f… Continue reading When you enable 2FA, why is your second factor required to reset password?