Quote (Cfwx @ Dec 5 2018 03:01pm)
That’s fine. Just remove the requirement of having one if you have 2FA enabled.
You have no idea what you’re talking about lmfao. Gold pw is a static password, if someone knows it you’re f’ed. 2FA changes every 30sec which makes it a million times more safe.
That is very true! Just as much as if someone got
access to your email (which is protected by only one password) they can verify your 2 FA. If you use 2FA on the cellphone you are absolutely protected, but once you
lose your
phone number, then you can just imagine the procedure to
verify that you are the rightful owner of your d2jsp account.
How are people going to guess two passwords without your computer being
compromised? And if your computer is compromised, then they can
steal your web-session and use your account without a password. Which means
a
2FA is useless unless you have a gold password combined OR require it every time you send FG.
Does Google 2-step verification protect user from session hijacking? - Short answer: Yes, the attacker can use session hijacking.
source:
https://security.stackexchange.com/questions/56555/does-google-2-step-verification-protect-user-from-session-hijacking