| Bron, I think your concerns are justified and understandable. Thanks for entertaining the idea. I am one of those advocates and would enable such option if given. That said, I did have an instance when I had to call AWS support because of their own screw-up. I closed the AWS portion of my account but not the Amazon.com shopping portion. I later found out that I can no longer remove 2fa on the AWS portion because I no longer have it. I no longer have it because I already closed the account and thought it was safe to remove. However, because of their faulty system design, a closed account was enforcing 2fa on my Amazon.com portion preventing me from accessing it. In this case, the support agent helped me to regain access. That support agent's ability to fix their faulty system design is both good and a potential liability. I wouldn't want a "I won't ever screw up" mode there. In the case of email though, when certain conditions are met, it becomes a safer thing to do compared to getting screwed over by support staff. The pre-conditions are:
1) The user is using custom domains only
2) The user has past emails backed up on his/her own devices When these conditions are met, the user has complete control of their email destiny. In the case of losing FastMail account access, they can continue to receive email because they control the domain. They also have complete email history because they back it up. That said, I believe your clearer response elsewhere in this thread is good enough for me personally. I was concerned before because of the vague responses. I think for FastMail, the risk perhaps outweighs the better security for me personally even if I would welcome it. |