Hacker News new | ask | show | jobs
by wwn_se 15 days ago
There is a third option. Most banks here in Sweden solve this by forcing you to show up in person (with a ID card) if you loose your password.

I get that this also is technically a 2FA bypass but the cost is extreme and its really hard to impersonate someone in real life.
1 comments
sigmoid10 15 days ago
How would that even work for internet companies without physical stores? Go to Menlo Park, CA to recover your account?
link
stoltzmann 15 days ago
Facebook already requires verifying your ID in some cases, it's absolutely feasible for them to do it online.

If it's not feasible, I can see an argument that large enough companies should be required to provide in person support options.

Facebook defintely has enough money to facilitate this.

link
wasmitnetzen 15 days ago
There's a lot of online-only banks who have figured this out. Do video auth, outsource it to the postal service, ...
link