What will this feature do differently?
An option “2FA reset” would be added to emergency access alongside “View” and “Takeover”. It would allow the grantee to disable all 2FA providers of the grantor. Like other emergency access options, a waiting time could be set, during which the grantor can deny the request.
Because 2FA is only used for authentication and not encryption, this option would not need any key exchange.
What benefits will this feature bring?
It would be a very useful 2FA recovery option. Some events (like a house fire) may result in the loss of all 2FA options, while asking a friend for recovery would still be possible.
This can be achieved with “Takeover” option, but you might want to allow some people to reset your 2FA without granting them access to your entire vault. This is also more secure than giving them your 2FA recovery code thanks to the wait time and because you could more easily control who has access.
