now | writings | rss | github | twitter | contact

posted to status updates via twitter on aug 18th, 2018 and commented on 11 times
Comments? Contact me via Twitter or e-mail.

11 Comments

dwc (authentic, via ) on august 18th, 2018 at 17:10:06:

Tell them to auth with one of their single-use codes they got after activating 2FA?

joshua stein (authentic, via ) on august 18th, 2018 at 17:12:35:

Those are gone too.

dwc (authentic, via ) on august 18th, 2018 at 17:18:25:

Well, crap. Strictly speaking I’d say they’re SOL because otherwise what’s the point of 2FA if you can social engineer your way around it. In practical terms maybe there’s another high confidence authentication that would be satisfactory. Yikes.

Cesar Clandestine (authentic, via ) on august 18th, 2018 at 17:45:49:

Does anyone really save those single-use codes?

dwc (authentic, via ) on august 18th, 2018 at 18:35:40:

I do. I have 2 hard keys and have multiple copies of the codes.

Aaron Bieber (authentic, via ) on august 18th, 2018 at 17:13:12:

I have seen both. Joyent let me reset, GitHub won’t do it unless you have an ssh key pair associated with the lost account.

Cesar Clandestine (authentic, via ) on august 18th, 2018 at 17:35:27:

Happened to me on http://lobste.rs and happily the admin reset 2FA for me after an email confirmation

Mike C (authentic, via ) on august 19th, 2018 at 00:09:07:

This is why SMS continues to be popular despite its flaws. Most services tend to have removal methods involving secondary methods such as SMS or email.

Tom Andrews (authentic, via ) on august 19th, 2018 at 00:26:10:

I had to go to a notary with my passport to get an account back. Took a day off work for a few domain names

David Bern (authentic, via ) on august 23rd, 2018 at 04:51:05:

Sounds reasonable. If issues relating to identification works(possible) in the real life, why make it harder in tech?

Bryan Knight (authentic, via ) on august 19th, 2018 at 10:46:18:

I've been told SOL. And while it hurt, isn't that the entire point?