23Oca
Should all sessions expire after disabling 2FA?
I know that when enabling 2FA all sessions must expire. But how about disabling 2FA? Should all sessions expire then?
I know that disabling 2FA is a risk, but that's not the question. I'm wondering only about all active sessions - do they need to expire after disabling 2FA?
