Comment by fc417fc802

6 hours ago

> Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.

To be fair, if you inadvertently get locked out of your Google account "tough luck, should have used a different provider" and Gmail is a household name so ...

Less snarky, I think that there's absolutely nothing wrong with key escrow (either as a recovery avenue or otherwise) so long as it's opt in and the tradeoffs are made abundantly clear up front. Unfortunately that doesn't seem to be the route MS went.

Google has a pretty robust recovery process. Of course if you've given them absolutely nothing about them then forgotten your password, it's tough.

  • Google will lock you out of an account even if you remember your password. This happened to me, when Google decided to use the recovery email address for 2FA, locking me out of my primary account. And the exact same change was made to my recovery account, at the same time. As for the recovery email of my recovery email address, it was with a company that hadn't existed for over a decade, and no longer existed.

  • As long as the automated flow works everything is great. But if the music stops can you get in touch with a human to fix it? That applies not just to auth but pretty much all of their stuff. Plenty of horror stories have made it to the HN front page over the years.

    • I've had to get in touch with a human before for account recovery, it worked. Horror stories, idk. I hear horror stories about every single business I interact with, but then don't experience it myself.