Google 2FA app token can be updated without checking the old 2FA
New to topics? Read the documentation here!
Google 2FA app token can be updated without checking the old 2FA by Ciro Santilli 34 Updated 2024-12-15 +Created 1970-01-01
Ermm, as of February 2021, I was able to update my 2FA app token with the password alone, it did not ask for the old 2FA.
So what's the fucking point of 2FA then? An attacker with my password would be able to login by doing that!
Is it that Google trusts that particular action because I used the same phone/known IP or something like that?