--JCIJwDXlZmsNNBnR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi Aaron,
On Sat, Jul 07, 2012 at 06:13:53PM +0100, Aaron B. Russell wrote:
> Perhaps if, at the time of disabling password resets, a customer was requ=
ired to send in an image of a government ID that you could keep on file and=
validate against, in case they ever did lock themselves out? I'm not sure =
how happy people would be to do that, though.
I like this option far less than my suggestion that anyone who
wanted to disable password resets would have to upload a PGP or SSH
key first.
Most people can't be bothered with public key crypto, but if someone
is going to disable the one way they have to getting access when locked
out then perhaps they could be forced to bother.
Maybe I should just ask this question (off-list) of the few
customers who have disabled password reset and see what they
consider an appropriate level of security should the worst happen.
It doesn't affect the majority of you and I think people have
difficulty putting themselves into such a hypothetical situation.
Cheers,
Andy
--=20
http://bitfolk.com/ -- No-nonsense VPS hosting
--JCIJwDXlZmsNNBnR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAk/4cj0ACgkQIJm2TL8VSQsLDgCeMbRJtIUKpc+Z+P1YdFDHH0EH
qecAoM/406RF71OVf3HZVbDki1TFAlZB
=OPV0
-----END PGP SIGNATURE-----
--JCIJwDXlZmsNNBnR--
From aaron@??? Sat Jul 07 17:38:26 2012
Received: from phoenixsupport.org ([2001:ba8:1f1:f1de::f5:c]
helo=server02.filesanctuary.net)
by mail.bitfolk.com with esmtp (Exim 4.72)
(envelope-from <aaron@???>) id 1SnYxe-000394-JI
for users@???; Sat, 07 Jul 2012 17:38:26 +0000
Received: from [192.168.0.10]
(cpc1-stkn14-2-0-cust232.11-2.cable.virginmedia.com [86.30.8.233])
by server02.filesanctuary.net (Postfix) with ESMTPSA id AA9348A2C0;
Sat, 7 Jul 2012 18:38:25 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=unadopted.co.uk;
s=2012; t=1341682705;
bh=7Gjf4Gn6I5Ju6kKuHIBlG0To8QJuzGfZxBF4SnnqfSY=;
h=Date:From:To:Cc:Message-ID:In-Reply-To:References:Subject:
MIME-Version:Content-Type;
b=WGEilpRc6mT+BvGIZT1pHVeU9dY5g5ba4ICpaYyDtI6L1iqpXBsOZ8iwBnjUGhG0N
k21880uhYpyGdZX4w5ZR/s+v04cTq6hQm+X9jT3JIJyCUq2tSqDRylrYjpCmxE9K0x
wazUQhAhfPCavfVWubNCsKc4UZLBfdGeWwYCSHSo=
Date: Sat, 7
