[pzduniak]

I personally use it for LOTS of stuff, both personal and commercial (as a Slack replacement). Other than a couple bugs (pinch to zoom on Android, media playback), it's fine - I don't feel like I need any more features, though I'd love it to be a bit snappier. KBFS has been excellent for stuff like secrets in CI pipelines.

Disclaimer: I'm one of the ex-Keybase, now Zoom people. I'm definitely in a bubble. The non-Keybase people I talk with are my consultancy's employees + a couple clients.

Keybase's security model is excellent in protecting you from attacks like the one described in the OP. If you can't sign your device with another one, you can only recover a username if:

- it's not in [lockdown mode](https://book.keybase.io/docs/lockdown)

- it has a verified email / phone number

- you either click a reset link in the email / SMS _or_ know the password

- _and_ the user fails to cancel the reset over many days of warnings.

And if you manage to go through all that trouble, all your contacts will get blasted with warnings about your identity. Fun!