> On May 27, 2015, at 8:09 AM, Harald Koch <c...@pobox.com> wrote: > > On 26 May 2015 at 11:32, Alex Brooks <askoorb+na...@gmail.com> wrote: > >> >> Can you not set account recory options which change the way password >> reset requests are handled. >> https://support.google.com/accounts/answer/183723 Gives some guidance? >> >> Alex >> > > Unfortunately, setting these options does not disable the separate "account > recovery form" listed at the bottom of the page, and it is this form that > allows you to login with any previous password and to bypass 2-factor auth. > > I must admit I was surprised by this when I tried it just now. I guess it's > time to rethink using Google as a primary account...
According to this page, the 2-factor authentication does kick in when you finally try to reset the password. http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabling-googles-password-recovery-feature <http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabling-googles-password-recovery-feature> “… I was presented with an emailed link to a reset page. When I clicked that link, since I have two-step verification set up, I was presented with a demand for a number provided by the Google Authenticator app on my phone. I provided that number and only then was I allowed to reset the password.” AK
smime.p7s
Description: S/MIME cryptographic signature