E-mail and phone are critical attack vectors when associated with your online accounts

I think that there should be no e-mail associated with accounts.

Email accounts are another point of failure and attack vector.

Also, phone numbers should not be associated with accounts; this is a huge security flaw.

The best way to secure an account is with a long passphrase, non-phone-number 2FA (with Google Authenticator or a hardware device using public key cryptography) and/or a PGP key.

Passphrase recovery should either not be possible or be really hard and uncomfortable (you need to fly to the office in person with your passport and 3 witnesses + 1 year waiting period).
