by troyjfarrell 4464 days ago
You should review the work NearlyFreeSpeech.NET recently did on customizable account recovery options. It's easily the best I've ever seen. It works like this:

1) You decide how valuable the account is, the probability that you will lose access to the account, and the probability that the account will be attacked.

2) You select the required number of recovery actions, from one recovery action to completely unrecoverable. Possible recovery actions include (copied from NFSN):

* You provide a scanned copy of a government-issued photo ID.
* You provide a scanned copy of a statement showing both the most recent deposit and a name and address matching one of your accounts.
* You complete SMS verification. (SMS must be previously configured.)
* You complete 2-factor verification. (2-factor auth must be previously configured.)
* You correctly answer your security question. (Security question and answer must be previously configured, below.)
* You use an ssh key to create a file with a specific name on one of your sites hosted here. (Must be previously configured, won't work if account is empty.)
* We try and fail to contact you via your currently configured email address. (This one may take a long time.)

As far as I'm concerned, this is the way it should be done. The public details are on their blog: https://blog.nearlyfreespeech.net/2014/02/28/price-cuts-more...
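To make the policy described in the comment concrete, here is a small model of it (added example code, not NFSN's implementation; the action names, the `RecoveryPolicy` class and the `has_hosted_site` flag are my own assumptions). It counts only distinct actions that the account holder actually set up beforehand, treats a required count of `None` as "completely unrecoverable", and disqualifies the ssh-key method when the account has no hosted site, as the list above says it would.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Iterable, List, Optional, Set, Tuple


class Action(Enum):
    # Recovery actions from the NFSN list quoted above (names are assumptions)
    PHOTO_ID = "photo_id"
    BANK_STATEMENT = "bank_statement"
    SMS = "sms"
    TWO_FACTOR = "2fa"
    SECURITY_QUESTION = "security_question"
    SSH_FILE = "ssh_file"
    EMAIL_UNREACHABLE = "email_unreachable"


# Actions that only count if the account holder configured them in advance
REQUIRES_PRIOR_SETUP = {
    Action.SMS, Action.TWO_FACTOR, Action.SECURITY_QUESTION, Action.SSH_FILE,
}


@dataclass
class RecoveryPolicy:
    # Number of distinct actions the account holder chose to require;
    # None means the account is deliberately unrecoverable.
    required: Optional[int]
    configured: Set[Action] = field(default_factory=set)
    # Assumed flag: the ssh-key method needs a non-empty account to host the file
    has_hosted_site: bool = True

    def usable(self, action: Action) -> bool:
        """Can this action count toward recovery for this account at all?"""
        if action in REQUIRES_PRIOR_SETUP and action not in self.configured:
            return False
        if action is Action.SSH_FILE and not self.has_hosted_site:
            return False
        return True

    def evaluate(self, completed: Iterable[Action]) -> Tuple[bool, List[Action]]:
        """Return (recovery allowed?, the distinct actions that were counted)."""
        if self.required is None:
            return False, []  # unrecoverable: nothing the requester does matters
        counted = [a for a in set(completed) if self.usable(a)]
        return len(counted) >= self.required, counted
```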