E-mail and phone are critical attack vectors when associated with your online accounts

I think that there should be no e-mail associated with accounts.

Email accounts are another point of failure and attack vector.

Also, phone numbers should not be associated with accounts; this is a huge security flaw.

The best way to secure an account is with a long passphrase, non-phone-number 2FA (with Google Authenticator or a hardware device using public key cryptography) and/or a PGP key.

Passphrase recovery should either not be possible or be really hard and uncomfortable (you need to fly to the office in person with your passport and 3 witnesses + 1 year waiting period).
