This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Make UIA grace period only apply to cross-signing requests #9754

@richvdh


Matrix.org's Synapse now applies a grace period to user-interactive-authenticated requests (the logic is that you do not need to confirm that you are the legitimate owner of an access token if you have literally just been given that access token).

However, various people have angrily reported that it is now too easy to deactivate your account by accident, since clients incorrectly assume that there will be a UIA step before the deactivation takes place.

As a workaround, it is suggested that the UIA grace period should only apply to E2E key uploads.
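
A minimal model of the suggested workaround, added here as an illustration; it is not part of the original issue and is not Synapse's code. The operation names, the `GRACE_PERIOD_MS` value and the `requires_uia` function are all assumptions.

```python
from dataclasses import dataclass

# Assumption: a 10-minute window; the issue does not state the real value.
GRACE_PERIOD_MS = 10 * 60 * 1000

# Operations allowed to skip UIA while the token is fresh. Following the
# issue's suggestion, only E2E (cross-signing) key uploads qualify.
# The operation names are hypothetical labels, not Synapse identifiers.
GRACE_EXEMPT_OPERATIONS = frozenset({"upload_cross_signing_keys"})


@dataclass(frozen=True)
class AccessToken:
    user_id: str
    issued_at_ms: int  # when the login that produced this token completed


def requires_uia(operation: str, token: AccessToken, now_ms: int,
                 scoped: bool = True) -> bool:
    """Return True if the request must complete a UIA flow first.

    scoped=False models the behaviour the issue reports: every UIA-protected
    operation is waved through while the token is fresh.
    scoped=True models the suggested workaround.
    """
    age_ms = now_ms - token.issued_at_ms
    # A token dated in the future (clock skew, bad data) is never fresh.
    fresh = 0 <= age_ms < GRACE_PERIOD_MS
    if not fresh:
        return True
    if not scoped:
        return False
    return operation not in GRACE_EXEMPT_OPERATIONS


def demo() -> dict:
    # Constructed sample token and timestamps.
    token = AccessToken("@alice:example.org", issued_at_ms=1_000_000)
    soon = token.issued_at_ms + 5_000
    late = token.issued_at_ms + GRACE_PERIOD_MS
    return {
        "unscoped/deactivate/fresh": requires_uia("deactivate_account", token, soon, scoped=False),
        "scoped/deactivate/fresh": requires_uia("deactivate_account", token, soon),
        "scoped/key_upload/fresh": requires_uia("upload_cross_signing_keys", token, soon),
        "scoped/key_upload/expired": requires_uia("upload_cross_signing_keys", token, late),
    }
```

With the scoped policy, account deactivation always goes through UIA, which is what the clients mentioned above expect.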


Labels

    P3: (OBSOLETE: use S- labels.) Approved backlog: not yet scheduled, will accept patches
    T-Enhancement: New features, changes in functionality, improvements in performance, or user-facing enhancements.
