Hacker News new | ask | show | jobs
by deepsun 74 days ago
I tried to read it assuming the blog post author is a hacker. The hacker could have stolen an OTP device with DNS access, but couldn't steal for the phone number (so they removed it, there was no explanation why phone number is removed). And honestly, how else could they prove they are legit? What if they really are a hacker?

It would be cool if Google (and other media giants, especially IdP ones) had an office where you could bring your passport and verify it's you. I don't think there is.
2 comments
alwa 74 days ago
I’d hate for the “government-name” verification to become a requirement, but I’ve long wished services would at least offer that as an optional add-on. For certain important accounts, I’d be eager to place my government identity on file with the company ahead of time.

The Americans have done something kind of interesting along those lines, as far as an in-person IDV option to establish e-government accounts [0]. You start account setup online, then take a barcode to a post office along with your identity documents.

I have to imagine it’s hard to make a commercial case for such a system, though… especially these days with so much momentum toward the approach I resent—that is, requiring ID checks just to be online in the first place.

[0] https://www.login.gov/help/verify-your-identity/verify-your-...

link
wvenable 74 days ago
Now try and read it assuming that instead of a screw up, this user was actually hacked. How do they recover?

Honestly, if you are using Gmail as your primary email I could probably ruin your entire year. I could just try and hack you (not even successfully) and Google will just shut down your entire life rather than attempt to work out who's right.

link
gck1 74 days ago
> I could just try and hack you (not even successfully) and Google will just shut down your entire life rather than attempt to work out who's right.

Had this happen to me. Fortunately the 'attacker' wasn't actually trying to do this, so damage was limited, but it's chilling when you think about what some motivated script kiddy can do with your Google account just by requesting password resets.

link