@kevinmirsky ironically?

Bringing back those stupid security questions... if they actually put it into the password recovery workflow before 2FA, and you put in nonsense answers they can't guess (as I always do)

If you meant you as a user, I think our only defense is trying to prevent them from connecting the recovery phone number to the account based on our telephony setup

@SwiftOnSecurity seems to mention VoIP and cell specifically, even though I don't presume it's exclusive to them