Daniel Micay on Twitter: "Internet infrastructure providers like domain registrars really need to implement an equivalent to https://t.co/Ei9W0Okv5y. Supporting U2F/FIDO2 isn't enough. It needs to be possible to disable the account recovery backdoors. Customer support is too easily tricked by attackers." / Twitter

Internet infrastructure providers like domain registrars really need to implement an equivalent to landing.google.com/advancedprotec. Supporting U2F/FIDO2 isn't enough. It needs to be possible to disable the account recovery backdoors. Customer support is too easily tricked by attackers.

landing.google.com

Google Advanced Protection Program

The strongest account security made to protect the personal data and information of people most at risk of phishing, hacking and targeted digital attacks.

6:40 PM · Oct 4, 2020Twitter Web App

Replying to

support.cloudflare.com/hc/en-us/artic glosses over this topic. Doubt that the need to prove access to the origin server is a technical restriction on customer support rather than something they are *supposed* to require. Really need a way to opt-in to draconian restrictions / review for this.

support.cloudflare.com

Securing user access with two-factor authentication (2FA)

Two-factor authentication (2FA) improves account security by requiring a second piece of information to validate your identity when logging in. Learn how to configure two-factor authentication (2FA...

1

2

Conversation