Issue #15908 new
Having the keys available from a logged in account is fine I suppose, but having them available without re-confirmation is a weak link.
At the very least, it should require privilege elevation / reconfirmation:
- Require the password before accessing the recovery-codes page, or
- Require a confirmation via a different channel (e.g. e-mail)
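As an added illustration of the first option (not code from this project): a session-based step-up gate that treats being logged in as insufficient and only serves the recovery-codes page if the password was re-confirmed within a short window. Function names, the session dict layout and the 300-second window are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed example: "sudo mode" gate in front of the recovery-codes page.
REAUTH_MAX_AGE = 300  # seconds a re-confirmation stays valid (assumed value)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a PBKDF2 digest; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def confirm_password(session: dict, password: str, salt: bytes,
                     digest: bytes, now: float) -> bool:
    """Step-up check: verify the password and record the confirmation time."""
    _, candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, digest):
        return False  # wrong password: do not refresh the window
    session["reauth_at"] = now
    return True


def recovery_codes_allowed(session: dict, now: float) -> bool:
    """Logged in alone is not enough; require a recent re-confirmation."""
    if not session.get("logged_in"):
        return False
    confirmed = session.get("reauth_at")
    return confirmed is not None and (now - confirmed) <= REAUTH_MAX_AGE
```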