by op00to 879 days ago
1. Disable the account from further access.

2. Send a postcard to the billing address where you signed up (verified against credit reports) with a one-time verification code, upon which some second factor is set up. Maybe put 20 "rescue codes" on the postcard too, if you like.

3. Force user to enable some sort of second factor authentication on their next login.

1 comments

Imagine a service you paid for locking your account and sending a postcard to an address you haven't lived at in a decade. What a great user experience!

If you paid for a service, the onus is on you to keep your information updated with that service.

Do you actually update your address in every service the moment you move?

Ones I care about, yes.