HackerTrans
トップ新着トレンドコメント過去質問紹介求人

CommodoreCrunch

no profile record

コメント

CommodoreCrunch
·3 年前·議論
But how are they getting into the account to begin with? Enabling PGP would prevent at least one method of password reset and they wouldn't get as far as the settings screen.

You could make the same case against 2FA. Most sites don't require email verification when you enable it. Someone with your password could lock you out by adding a TOTP app. But I wouldn't consider that a vulnerability. It is, if anything, a consequence of not locking down the account in the first place.