Hacker News
by im3w1l 955 days ago
Even email verification might not be enough. Consider the following scenario:

1. Attacker somehow gets control of email

2. Attacker uses email to "recover" Facebook.

3. Attacker uses email to add PGP.

(time passes)

4. User realizes Facebook and email are taken over

5. User somehow recovers email

6. User tries to recover Facebook using email but is unable to