I have noticed that working around the multifactor authentication is as easy as requesting an email to my email address. This is something which has been exploited several times in other online providers, and it means that regardless of 2FA, if someone takes control of my email they will be able to bypass 2FA (which partly defeats the purpose) and breach into all my accounts and passwords.
So the questions are:
- Is there a way I can disable MFA reset through email if I have, let's say, 3 multi-factor authentication methods?
- Should email be disabled as MFA workaround, would I be able to recover from MFA loss using a Trusted Person (emergency contact)?