Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.
This article by Paul Moore caught my attention this week:
The assertion being the password reset mechanism can be used to secure an account using two-factor authentication by an attacker – making it really hard for you to reclaim.
The lesson is if a service offers two-factor authentication, then you really ought to switch it on.
(Image Copyright Paul Moore)