|
|
|
|
|
|
by sowbug
2734 days ago
|
|
|
To generalize the idea: as long as anyone can create a new account, then the value of a new account is zero. The value of the lost account is the value of the differences between it and a new account. The recovery cost should be directly proportional to the value of the account. Aliexpress turns this formula on its head, starting the recovery operation by taking a high-value account and turning it into a low-value one, then presumably using a correspondingly low-cost recovery method. There is an issue of not needing credentials to delete payment data as a kind of DOS attack. Your idea is smart as well: it turns the high-value component of the account into a credential of its own. |
|
|