[EGreg]

Oh is it magic? How do you authenticate yourself enough to reset a password? It’s almost like, you need something else. Such as a device that stores a private key.

Also, everything you said about resetting passwords can be done for resetting private keys too. The difference is that you don’t go around reusing it and typing it into phishing sites.

And if you think getting access to an account where you are totally butt naked and forgot the password is normal, I have a million gmail users who would love your wisdom.

[grishka]

> How do you authenticate yourself enough to reset a password?

With a government-issued identity document.

[EGreg]

Look, I get where you’re coming from. But all this can also be done with cryptography. What you’re describing has a standard called Verifiable Credentials. They can be issued by some trusted organization.

The trouble is, of course, that this organization can have corrupt employees issue the credentials to anyone if the amount of (social or moneyary) capital to be stolen is large.

And furthermore, the credentials like an identity document can be trivially copied and presented online, by anyone you ever presented it to. So can credit cards.

Identity Theft is quite common around the world since many organizations allow people to make accounts over the internet, without even notifying your phone about it.

And finally, by trusting the government with your very identity, you give them the power to encroach further on your privacy:

https://www.techdirt.com/2022/06/29/california-legislators-s...

https://www.theregister.com/2022/02/28/online_safety_bill_do...

Since you are against relying on cryptography for authentication and instead prefer to rely on the government to supply your very identity, I suspect you wouldn’t have a problem with requiring a passport to use Facebook. But perhaps you’d have a problem with what they will do NEXT once everyone is required to collect this information from you. After all, “crypto bros” are just about ponzi schemes right?