@Shaunkoh @SwiftOnSecurity my reading: yes*, yes

* = if the 2FA is the *only* requirement to reset your password, unlike e.g. knowing non-public information about you before you are allowed to use 2FA to authenticate on the reset password screen. But a determined hacker might be able to get that too.