Security: MFA for Recovery & TOTP support
This is a major security risk as the recovery mechanism only requires a single factor authentication.
Think of a scenario where your mobile phone number has been maliciously ported out to another service provider and all of a sudden you lost access to your Yahoo Account.
If you enable MFA on your account, features such as Yahoo Security Key, you MUST require additional approval whenever someone sends a temporary PIN to the registered phone number.
Feature request:
- Add additional layer of protection to the account recovery procedure either via yahoo secure key or a temporary pin sent to another email
- Add TOTP support for apps such as google authenticator or authy.
190th
ranked
Andre T.
shared this idea