by Buge 2983 days ago
The cost of hiring security engineers and testing for security bugs is constant with regard to the number of users. Whether you have 1000 users or 1 billion users, your service has the same security if you spend the same amount on testing and engineers.

But the cost of human intervention in recovery increases linearly with the number of users.

I agree with your ideas for automation. But human intervention has problems.

One solution for human intervention is to charge a non-refundable fee for recovery. This has the advantage of discouraging attackers from trying to recover. The problem is I think this would cause bad PR for the companies. Now instead of blog posts saying "Google locked me out of my account" there would be blog posts saying "Google is charging me $20 to access my own account" or "Google is holding my account hostage for cash".