by sanderjd 4462 days ago
In this case, looping in the original email address on the SendGrid account before changing to a new one would have kept this from happening. SendGrid's support personnel should almost certainly not be able to change an email address without the change being signed off on through the old address first.

But what happens in those rare cases where that first account gets lost / locked permanently?
You need some kind of "okay, you can get your password back, but it's going to take some time. You cannot get back up instantly."

Maybe they FedEx the password to your physical address on file. Maybe they contact all phone numbers and emails they have for you and say "someone has requested an emergency override, if you object call us back in the next 4 hours." Maybe they do a Skype session and compare your photo to the one they have on file.

All this costs money, of course. That's the price of doing business.

Yes, this is part of what I'm trying to get answers to.

Do you tell the user on signup to print an in-case-of-emergency-break-glass password which is only ever to be used to get into a locked account and other special circumstances?

It may seem over the top but seeing as it's unique across service providers, I think it's a hell of a lot better than the overly abused "what is your mother's maiden name" type questions. I consider these questions to be in the same boat as sharing passwords between websites (since they are)!

Presuming you're paying for this service (and thus have a credit card registered to it), how about the "we've made two $0.00 - $0.99 charges on your card; tell us what the cents digits are and we'll refund them and give you a reset link" model? I've only ever seen it used to initially verify a card--but, provided a card has been verified, continued access to it can be used to re-verify a compromised account.

(And if someone has managed to break into both your personal email account and your business's online-banking account, getting your web-host to recognize you will be the least of your problems.)
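The two-small-charges check proposed in the comment above, sketched as an added example that is not part of the thread or any provider's code. The attempt limit, expiry window, 1 to 99 cent range and all names are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 3             # assumed policy: few guesses, since the answer space is small
TTL_SECONDS = 7 * 24 * 3600  # assumed policy: challenge expires after 7 days


@dataclass
class CardChallenge:
    cents: tuple             # the two charge amounts, in cents
    created: float
    attempts: int = 0
    used: bool = False


def issue_challenge(now=None) -> CardChallenge:
    """Pick the two amounts to charge to the card already on file."""
    # 1..99 cents (assumed): a $0.00 charge would not show up on a statement.
    cents = (secrets.randbelow(99) + 1, secrets.randbelow(99) + 1)
    return CardChallenge(cents=cents, created=time.time() if now is None else now)


def verify(ch: CardChallenge, answer, now=None) -> str:
    """Return 'ok', 'wrong', 'locked' or 'expired'. An 'ok' is single-use."""
    now = time.time() if now is None else now
    if ch.used or ch.attempts >= MAX_ATTEMPTS:
        return "locked"
    if now - ch.created > TTL_SECONDS:
        return "expired"
    ch.attempts += 1
    # Order-independent, constant-time comparison of the two amounts.
    expected = "%02d:%02d" % tuple(sorted(ch.cents))
    try:
        supplied = "%02d:%02d" % tuple(sorted(int(c) for c in answer))
    except (TypeError, ValueError):
        supplied = ""        # malformed answer still costs an attempt
    if hmac.compare_digest(expected.encode(), supplied.encode()):
        ch.used = True       # caller now refunds both charges and issues the reset link
        return "ok"
    return "wrong"
```

With two amounts between 1 and 99 cents there are only a few thousand possible answers, so the attempt cap is what carries the security here, not the secrecy of the comparison.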

The solution is to do what everyone who actually needs authentication from a company does; require a posted signed letter from a director, possibly along with an outbound (from SendGrid to the director) phone call to confirm. There's plenty of low-tech ways to confirm that a company really wants to do something.

Please, no.

Consider a determined attacker. A posted signed letter has zero cost and is easily forged and a phone call is free via Skype. There's plenty of low-tech ways to circumvent security.

How exactly does Skype let me take over a business's phone number? I am saying that SendGrid should call the company to verify, not the other way round.

Ahh sorry, my mistake. I missed the word "outbound".

Require that the company submit a legally binding/notarized document before changing the e-mail address.

Lol. So what you're saying is all I need is Photoshop to get the keys to the kingdom?

Electronic notarization uses digital signatures, and SendGrid could just require them. Good luck breaking those with Photoshop.