[awakened]

This is not true. There are several recovery options offered by NearlyFreeSpeech. They are defined in great detail on their website. They offer two factor (TOTP) as well:

"Our membership recovery procedure comes into play when you lose your password and access to your email at the same time, or if you have 2-factor authentication configured and lose the second factor. To regain access, you will need to contact us and perform a certain number of verification actions."

Possible verification actions:

* You provide a scanned copy of a government-issued photo ID.

* You provide a scanned copy of a statement showing both the most recent deposit and a name and address matching one of your accounts.

* You complete SMS verification. (SMS must be previously configured.)

* You complete 2-factor verification. (2-factor auth must be previously configured.)

* You correctly answer your security question. (Security question and answer must be previously configured, below.)

* You use an ssh key to create a file with a specific name on one of your sites hosted here. (Must be previously configured, won’t work if account is empty.)

* We try and fail to contact you via your currently configured email address. (This one may take a long time.)

Recovery Thresholds:

* Scorched Earth. If you lose access to your membership, you won’t be able to recover it. But neither will anyone else. (This is not a joke. If you set this option and lose access to your membership, it and everything on it will be inaccessible until it expires.)

* All possible actions. Excessive security. Just because you’re paranoid doesn’t mean they aren’t after you.

* Five actions. Very high security. Regaining access will be a huge pain for you, and rounds-to-impossible for anyone else.

* Four actions. High security. Provides enhanced protection but if you need to recover access to your membership, it’s probably going to be pretty inconvenient.

* Three actions. Default security. Provides good protection without making membership recovery too miserable.

* Two actions. Reduced security. We really don’t recommend this, but if you’re really forgetful and really sure nobody would ever target your membership, this option exists.

* One action. No security. All it takes is an email bounce and your membership goes to the first person to ask for it. (This is a joke. Don’t pick this.)

Confirmation:

* I understand the recovery setting I'm picking, and I am solely responsible for the consequences.

[teraflop]

To be fair, that level of customizability is fairly new; It was only announced about 8 months ago[1]. I don't know how strict the previous recovery procedure was, since I never had to make use of it.

[1]: https://blog.nearlyfreespeech.net/2014/02/28/price-cuts-more...

[mattbee]

My "computer says no" support experience was in November 2013.

If there were any options to save my friend's data and domain registration, their support guy didn't know about them, or wasn't willing to tell me.