support people will need to be able to recover accounts, but not without owner's consent, and that consent should be in form of answer to question only owner might know, not what was your pet's name or something, ask things like, when was the last time you changed your password, which phone do you use? etc, if support can't answer these then they shouldn't get access, and how will support answer this? only if they're talking to real owner.
I don't know if you actually read my full reply or not, I said not like that, that can be public knowledge,
but questions like:
which phone do you use to make most of the tweets? (system knows this, and this isn't public knowledge)
Which 2FA auth have you setup? (same, user doesn't set this as an answer, but things like did you use sms? which phone number did you use? etc)
When you got your account verified, which identity did you use? did you use passport? or citizenship?
Which email did you use to create this account?
Tell me the phone number you've used on this account for 2FA,
please tell me which of these questions you can work out? and if any of these aren't actually relevant for those people?
Pet name can be worked out, and not everyone has a pet, but you can't find elon's phone number on random site, and again, I'm saying, ask 5 of these questions, only when they all 5 correctly, only then the customer support person can do anything to the account.
Please read the reply correctly first :) (not being toxic, just thought you didn't read it before jumping into attack mode)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
support people will need to be able to recover accounts, but not without owner's consent, and that consent should be in form of answer to question only owner might know, not what was your pet's name or something, ask things like, when was the last time you changed your password, which phone do you use? etc, if support can't answer these then they shouldn't get access, and how will support answer this? only if they're talking to real owner.
This is what the banks do.
Most of the 'something only you know' can be worked out from content Twitter already:
I don't know if you actually read my full reply or not, I said not like that, that can be public knowledge,
but questions like:
which phone do you use to make most of the tweets? (system knows this, and this isn't public knowledge)
Which 2FA auth have you setup? (same, user doesn't set this as an answer, but things like did you use sms? which phone number did you use? etc)
When you got your account verified, which identity did you use? did you use passport? or citizenship?
Which email did you use to create this account?
Tell me the phone number you've used on this account for 2FA,
please tell me which of these questions you can work out? and if any of these aren't actually relevant for those people?
Pet name can be worked out, and not everyone has a pet, but you can't find elon's phone number on random site, and again, I'm saying, ask 5 of these questions, only when they all 5 correctly, only then the customer support person can do anything to the account.
Please read the reply correctly first :) (not being toxic, just thought you didn't read it before jumping into attack mode)