Comment I'm missing something - how is this more secure? (Score 1) 45
If a bad actor already has access allowing them to create a new email address which doesn't belong to them, what's to stop them from setting up the new second factor using their own authenticator app as well? Seems like all this does is save the bad actor some time, since now they don't have to compromise a target's SIM first.