Current Situation
Currently, both increasing and decreasing the AI overage limit require additional verification through 2FA.
Suggested Change
Only require 2FA for increasing the limit – allow for decrement without 2FA.
Reason
This reduces friction when reducing the limit.
Furthermore, this makes it easier to prevent a party that has gained unauthorised access to an account from creating additional charges when access to the 2FA device and backup codes has been temporarily or permanently lost.
Implementation
Currently, the billing page allows you to change the limit in the input box but only applies it when clicking on "Save", triggering 2FA. Instead of always triggering 2FA when clicking on "Save", you could check whether the limit has increased or decreased to decide on whether to apply the change or require 2FA.
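One way to make the decision described above on the server, as an added example that is not part of the original request or the product's code. The `Account` class, the `verify_otp` callback, integer limits and the treatment of `None` as "no cap" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Account:
    # Hypothetical record: limit in whole currency units, None = no cap (assumption).
    overage_limit: Optional[int]


def _effective(limit: Optional[int]) -> float:
    # Removing the cap is the largest possible increase, so rank it as infinity.
    return float("inf") if limit is None else float(limit)


def needs_step_up(current: Optional[int], requested: Optional[int]) -> bool:
    """True only when the change raises the spending ceiling."""
    return _effective(requested) > _effective(current)


def apply_limit_change(
    account: Account,
    requested: Optional[int],
    otp: Optional[str] = None,
    verify_otp: Optional[Callable[[str], bool]] = None,
) -> str:
    """Return 'applied', '2fa_required' or 'rejected'."""
    # Reject values that could confuse the comparison (bools, floats, negatives).
    if requested is not None and (
        isinstance(requested, bool) or not isinstance(requested, int) or requested < 0
    ):
        return "rejected"
    # Compare against the stored limit, never an "old value" sent by the client;
    # otherwise a caller could present an increase as a decrease.
    if needs_step_up(account.overage_limit, requested):
        if otp is None or verify_otp is None or not verify_otp(otp):
            return "2fa_required"
    account.overage_limit = requested
    return "applied"
```

In a real service the read of the stored limit and the write of the new one would need to happen in one transaction, so two concurrent requests cannot each be judged against a stale value.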