[lazide]

Have you seen how easy it is to get fake government ID? It’s damn near a rite of passage for teenagers so they can buy alcohol. $20-$50 if you know the right person or can wander the dark web right.

I’m not sure you want that to be the absolute best digital security you can get.

[SoftTalker]

Yes it is vulnerable to an attacker who is willing to present himself in person with a fake ID to target a specific account. However it's not scalable or remotely exploitable.

[lazide]

Since it requires a human looking at an ID and then pressing a button, the system triggered by the button press is likely quite exploitable no? Or even worse, scanning and storing an ID, which allows spoofing if those get compromised.

Recovery key isn’t susceptible to that - and isn’t susceptible to fake-id-spotting-ability or bribeability of staff either.

[josephcsible]

Okay, then also require a photo when opting in to this, and make sure the person who shows up looks like said photo too.