Comment by docmars
2 months ago
It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.
2 months ago
It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.
Yes, it should be paid of course. Matter of fact, please charge me more for the privilege of not being asked email,phone, credit cards. Just take my money, and feel free to take whatever steps you think are needed to make sure abuse isn't taking places. I champion requiring a "deposit" where if abuse took place the user would forfeit it.
But, my original comment is strictly about email. Even if you asked for a government-id and credit-card payment, I won't object. Just please, no email!
I think that leaves: how would you prefer to recover your account if you lost access?
same way I would with my email provider. But I'd expect a recovery code of some sort that i could save.
How would you normally recover an account? Email? So, if my email is compromised, everything gets compromised? That's not sane at all. You should normally have MFA, and if you can recover your MFA/2FA with email, it's just an over-engineered inconvenience. The way it's done right, the MFA recovery code servers as a general account recovery code as well. You save that somewhere safe and offline.
In this case, they use ssh public keys, so there is no need for all that, just add a spare public key to authorized_keys, and keep it's private key offline and safe, ideally in an HSM.
This is a service for technical people, so all that works, for general consumer service, you give them a choice. Either they choose to use a recovery key, a recovery email/phone...or recovery via payment. Let them pay $1 for recovery, proving they control the original method of payment (KYC not crypto). But if nothing else, users should be able to choose recovery code instead of email. It's more secure, because you're not relying on a 3rd party service to also be secure. I don't like them much, but recovery questions have also been used, but if you think about it, those are not that different from recovery codes, they're just more guessable.
Recovery codes aren't one string, they're usually multiple, so if users chose, they can split up their storage. For added reliability, you can require validation of recovery codes periodically, after a successful sign-in.
2 replies →
[dead]