Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Isn't that a caveat with a lot of 2fa systems though? If you get locked out and don't have the recovery keys you got when you set it up, you are basically permanently locked out.


In some cases you can end up doing hilarious things like emailing scanned passports to get it reset. It usually depends on the compromise the provider is willing to make (and the amount they are willing to spend on customer service)


I would love to have systems where I can set a password and there is not online reset available. For my retirement account, for example. If I forget my password, I have to go to an office in person to reset. Maybe a $50 fee, if this service is too much of a burden on the broker. Same with my bank. They have branches everywhere. I know many people forget their passwords all the time, so they need a easy reset for those people, but for others that want a more secure system why not an in-person reset for a fee? Bad PR? News stories about how those greedy banks now want to make money when you forget your password?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: