Slack allows to change settings of the 2FA without being asked for a code, provided a session is active. How do you feel about this? Do you consider it an acceptable practice? Personally, I think it weakens 2FA a lot. You wouldn't allow to change a password without asking for it, only because a session is active. Why doing it different on 2FA codes? I'm curious to hear some opinions
>>61488281
common practice with shitty chat clients, discord used to allow you to log in through token, disable 2fa, all without knowing or having access to the 2fa in question
>>61488281
What the fuck is slack?
>>61488524
Chat client for off-whites
>>61488555
Please elaborate