That doesn't make forcing it any less wrong.
replyWhy is 2FA so critical it’s worth proactively breaking the user? What’s the even more bad thing that would (not could) happen to the user if 2FA was not enabled?
replyPassword database leaks turning into spam/proxy farms of very well aged accounts.
reply