Originally Posted by
lopinc1
If you were already logged in (via remembered cookies) then you wouldn't be prompted for the two-factor code. The two-factor code is used when you log in on that browser initially.
Maybe, but most two-factor situations (certainly Google) require you to re-authenticate when doing things like lessening security, or changing passwords.
This is pretty insecure.