> The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged in account holder) defeats the entire point.

At least make it a major pain in the ass to recover like AWS, which requires some kind of notarised identity verification [1].

[1] https://news.ycombinator.com/item?id=13122723

What if I don't want to lose my account if I lose my 2FA? Then I don't enable 2FA, presumably. But some security guy at your company is forcing me to enable 2FA or you'll just lock my account until I do.

In theory there is no difference between theory and practice, but in practice there is. Well, it gets complicated quickly when a wide range of users is involved.

I always thought the entire concept of even password resets was absurd. Email is a huge SPOF for basically everyone.

If you lose your password or 2FA, you should lose your account, too bad so sad.

Completely unrealistic. Stuff happens. Email accounts get closed for no reason. People lose their phones, or have them stolen. Lots of reasons why someone might need an exceptional account recovery process.

Not saying it should be easy or routine, it should not be. But it must be possible.

That's what recovery codes are for. Unfortunately it seems a lot of 2FA is now implemented without recovery codes.

I suspect very few people have good management of recovery codes.

I just save them in my password manager.

As best as I can tell, everyone I work with simply doesn't save them at all and initiates a password reset if they lose their password/2FA.
