I wish infosec folks would spend more time talking about account recovery processes. Right now it feels like there’s a huge gap between “SMS 1FA is fully sufficient for instant password reset” and “you own a YubiKey, so fuck you forever if you ever have a house fire”. And robust authentication protocols get subverted all the time by weak reset policies.
@glyph This honestly seems like a missed opportunity for banks with physical locations. They already have account locking and unlocking processes. If they had jumped on computer tech early instead of dragging their feet, personal authentication could have been very different.