by londons_explore 1405 days ago
They could do far more things to solve this issue...

For dormant account reactivation, they can ask the user for lots of details that are in the account. For example, "please type in email addresses of as many people as possible that you have sent emails to from this account". Which cities have you previously logged into this account from?

All info would be optional, but the more the user provides the quicker they're going to get in.

When the user has provided enough information to be fairly sure that it's a real user attempting to login, then start a 7 day countdown. During the 7 days, contact the user's top contacted email addresses and ask them to reply confirming the user is trying to reactivate the account.

Hire attackers to try and break into old accounts, and use their input to find the likelihood of each type of information being correctly given by the real account owner and an attacker.
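
An added illustration of the scoring idea in the post (not code from the original post, from any commenter, or from Google): each optional answer is weighted by how often a real owner versus an attacker gets it right, the weights are combined as likelihood ratios into a posterior, and the 7 day contact-vouching step only starts once that posterior clears a threshold. The per-question rates, the prior, the threshold, the cap on repeated answers of one type, and all function names are assumptions made up for the example; the rates are the sort of numbers the "hire attackers" exercise would produce, not measured data.

```python
import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Signal:
    """How well one recovery question separates owners from attackers."""
    name: str
    p_owner: float      # P(answered correctly | genuine owner)
    p_attacker: float   # P(answered correctly | attacker)


# Constructed rates for illustration only, not measured data. In the
# scheme described above these would come from the red-team exercise.
SIGNALS = {
    "contact_email": Signal("contact_email", p_owner=0.6, p_attacker=0.02),
    "login_city": Signal("login_city", p_owner=0.8, p_attacker=0.3),
    "creation_year": Signal("creation_year", p_owner=0.5, p_attacker=0.2),
}


def log_likelihood_ratio(signal: Signal, correct: bool) -> float:
    """Evidence weight of one answer: log P(answer|owner) / P(answer|attacker)."""
    if correct:
        return math.log(signal.p_owner / signal.p_attacker)
    return math.log((1.0 - signal.p_owner) / (1.0 - signal.p_attacker))


def score_answers(answers, max_per_type: int = 2) -> float:
    """Sum evidence over optional answers given as (signal_name, correct).

    Unanswered questions contribute nothing. Repeated answers of the same
    type (several contact addresses) are not independent of each other,
    so the number counted per type is capped; otherwise a guessable
    mailing-list address or two would dominate the score.
    """
    seen = Counter()
    total = 0.0
    for name, correct in answers:
        seen[name] += 1
        if seen[name] > max_per_type:
            continue
        total += log_likelihood_ratio(SIGNALS[name], correct)
    return total


def posterior_owner(score: float, prior_owner: float) -> float:
    """Bayes in odds form: posterior odds = prior odds * product of the LRs."""
    prior_odds = prior_owner / (1.0 - prior_owner)
    odds = prior_odds * math.exp(score)
    return odds / (1.0 + odds)


def recovery_decision(answers, prior_owner: float = 0.1,
                      threshold: float = 0.99) -> str:
    """Gate on the posterior before the 7-day contact-vouching step starts.

    prior_owner is the assumed base rate of genuine requesters among
    dormant-account recovery attempts; threshold is the assumed bar.
    """
    p = posterior_owner(score_answers(answers), prior_owner)
    return "start_countdown" if p >= threshold else "ask_more"


def vouching_complete(started_iso: str, now_iso: str, confirmations: int,
                      required: int, days: int = 7) -> bool:
    """True once the waiting period has elapsed and enough contacts replied."""
    started = datetime.fromisoformat(started_iso)
    now = datetime.fromisoformat(now_iso)
    return now - started >= timedelta(days=days) and confirmations >= required


if __name__ == "__main__":
    answers = [("contact_email", True)] * 3 + [("login_city", True)]
    print(round(score_answers(answers), 3), recovery_decision(answers))
```

With the constructed rates, one correct contact plus a correct login city leaves the posterior near 0.9, which is not enough to start the countdown; the third contact address is ignored because of the cap, so it is the second one that tips it over 0.99. The independence assumption behind the likelihood-ratio sum is the weak point of any such scheme, which is why the cap is there at all.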

4 comments

> For dormant account reactivation, they can ask the user for lots of details that are in the account. For example, "please type in email addresses of as many people as possible that you have sent emails to from this account".

Oh, no. I'd rather they just up and deleted the account, instead.

Google is already painful enough to get into old accounts that you haven't used for a while.

For a dormant account, what are the chances that you're going to remember the email address that someone used years ago? People have address books for that, and the address book is locked on the other side of that password prompt.

> During the 7 days, contact the users top contacted email addresses and ask them to reply confirming the user is trying to reactivate the account.

Yeah, nah. That's awful for several reasons.

It's another phishing-like prompt - "Hey joe bloggs is trying to log into their email. Do you think it's really them? Click here to let them into their account".

If you invert it, then you're at risk of someone with a grudge against you clicking the "No, it's an attacker" link. Even a friend clicking it because they think it's funny.

There's no way I'd want most of the people I email to have any involvement in accessing my account, without me being able to nominate specifically whom the system emailed.

God no. I don't think you've thought of the edge cases at all. I have a 2nd email address I use for emergencies and almost never log in, but when I need it, I'm going to need it straight away, not in a week.

Also, gmail should never ever be emailing your contacts! It has no idea what your relationship with them is or what information about your actions you want to keep secret from them.

Back in the day, when online banking used printed TAN-lists as a second factor, phishing sites would ask "Please type in your next 10 TANs". That is what your "please type in as many"-idea reminds me of. :-)

Have you ever tried to recover an old google account? They ask much harder questions than the silly examples you gave. It's already extremely difficult for legitimate users.