|Recommended Configuration||Authenticator; SMS; Email|
|Alternate Configuration 1|
|Alternate Configuration 2|
|Alternate Configuration 3|
|Account/Password Recovery||PR SMS; PR email|
|Remarks||automatic SMS backup signup using phone number on file; automatic email backup signup using email on file|
Notified on January 11, 2020.
Closed on January 28, 2020; did not understand vulnerability with authentication policy.
Silently fixed vulnerability without notifying us as of March 8, 2020; this page represents our original findings.