This does not seem to matter:
If its connected or not, it seems one can log in with google? Also, it does not use a second factor while doing so?
Lastly, I added a second MFA:
This is both good and bad if we want to enforce the reporting of lost second tokens.
This does not seem to matter:
If its connected or not, it seems one can log in with google? Also, it does not use a second factor while doing so?
Lastly, I added a second MFA:
This is both good and bad if we want to enforce the reporting of lost second tokens.