by ta0987 2406 days ago
I have the same question.

The problem is picking a company you can be confident in for both:

1. Competent security

2. Good support

Google meets 1. but fails at 2. Every time this topic comes up there are many suggestions meeting 2, but without any arguments or evidence that the suggestions also meet 1.

According to HN security guru tptacek the top three most secure companies are Google, Apple, and Microsoft. (Paraphrasing from memory, any errors are my own.)

Apple and Microsoft both have retail locations unlike Google, which could in principle be used as a last resort for recovery, but I don't know if they actually are. Without good process and training that could open a weakness from social engineering, similar to SIM jacking at cell phone shops.

Does anyone here know if Apple, Microsoft, or any other company meets both 1 & 2?

Does anyone here know if an Apple or Microsoft account can be recovered at retail locations with an ID? And if that process is social-engineering resistant?

Edit: the thing to consider with self-hosting is that there is no such thing really. You have to register your domain somewhere. What is that provider using to authenticate you? Not saying you shouldn't have your own domain, just that it's also a thing that can be lost or attacked. You also have to run your VPS or server somewhere. Do you own a datacenter? Do you have a backup generator and redundant internet at your house? Not saying you must, but there are always trade-offs.