InfoQ: Disabling Google 2FA doesn't need 2FA

[..] this attack was facilitated by the fact that the attackers were able to turn off 2 factor authentication on Google's password.google.com without needing to confirm by the 2 factor authentication mechanism, which defeats the point of enabling 2 factor authentication.


Previous post: Wired: "Nuclear ‘Power Balls’ May Make Meltdowns a Thing of the Past" Following post: Michael Flarup: The Comeback of Fun in Visual Design