The part that caught my attention is that you can apparently bypass 2FA by stealing a cookie.
Not a member of The Register? Create a new account here.
Remember me on this computer? Post anonymously?