This made me realize that despite not using SMS 2FA, my accounts still could be hijacked if they offer a password reset using my phone number (or if they offer a fallback 2FA to SMS, which I recently encountered somewhere). I should probably deliberately forget my passwords and test what it takes to regain the access...
1 comment
[ 0.30 ms ] story [ 10.9 ms ] thread