E-mail and phone are critical attack vectors when associated with your online accounts

I think that there should be no e-mail associated with accounts.

Email accounts are another point of failure and attack vector.

Also, phone numbers should not be associated with accounts; this is a huge security flaw.

The best way to secure an account is with a long passphrase, non-phone-number 2FA (with Google Authenticator or a hardware device using public key cryptography) and/or a PGP key.

Passphrase recovery should either not be possible or be really hard and uncomfortable (you need to fly to the office in person with your passport and 3 witnesses + 1 year waiting period).
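
As an added example (not part of the original post), here is a sketch of the time-based one-time password scheme (RFC 6238) that authenticator apps such as Google Authenticator implement. It shows that verification needs only a shared secret and the clock, with no phone number or e-mail in the loop. The secret is the RFC 6238 test key, and `verify` with its replay check is an illustrative name and design, not any service's actual code.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 SHA-1 test key, base32-encoded
# the way authenticator apps receive it at enrolment.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the TOTP code for a given Unix time (RFC 6238 over RFC 4226)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)       # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           last_used_counter: int, step: int = 30, window: int = 1):
    """Server-side check (hypothetical helper).

    Accepts codes from `window` steps either side of now to tolerate clock
    drift, and rejects any step at or before the last accepted one so a
    captured code cannot be replayed. Returns the accepted step counter
    (store it as the new last_used_counter) or None.
    """
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_used_counter:
            continue                                     # already used: replay
        expected = totp(secret_b32, counter * step, step)
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("first use:", verify(SAMPLE_SECRET, code, 59, last_used_counter=-1))
    print("replay:   ", verify(SAMPLE_SECRET, code, 59, last_used_counter=1))
```

The shared secret is the only credential here, so it has to be protected on the server like a password hash would be, and losing the enrolled device means falling back to whatever recovery process the service allows.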
