How hackers can steal your 2FA email account by getting you to sign up for another website

In a paper for IEEE Security, researchers from Cyberpion and Israel's College of Management Academic Studies describe a "Password Reset Man-in-the-Middle Attack" that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it's protected by two-factor authentication. (more")