will not be happy to provide a copy of my ID or drivers license, which
can be stolen and used for other purposes, to _any_ company.
> Most people can't be bothered with public key crypto, but if someone
> is going to disable the one way they have to getting access when locked
> out then perhaps they could be forced to bother.
Make that an option. You must have one of:
- password reset
- ssh key
- pgp key
- some Pre-Shared-Key (?)
- some Pre-Shared Token (i.e password)
You can't select 'none'. You need one of them. I'd be cautious to use
ssh keys, I have lost some private keys in various situations.
>
> Maybe I should just ask this question (off-list) of the few
> customers who have disabled password reset and see what they
> consider an appropriate level of security should the worst happen.
> It doesn't affect the majority of you and I think people have
> difficulty putting themselves into such a hypothetical situation.
I'll think about it while I can't sleep tonight. Might come up with
something.
From peet@??? Thu Jul 12 19:50:01 2012
Received: from mead.hivemind.net ([41.76.209.65])
by mail.bitfolk.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.72) (envelope-from <peet@???>) id 1SpPOi-0004K8-P7
for users@???; Thu, 12 Jul 2012 19:50:01 +0000
Received: from 196-210-139-48.dynamic.isadsl.co.za ([196.210.139.48]:49219
helo=mac-wifi.peet.za.net)
by mead.hivemind.net with esmtpa (Exim 4.72 #1)
id 1SpPcB-0000PJ-EJ by authid <peet> with plain_courier_authdaemon ;
Thu, 12 Jul 2012 22:03:55 +0200
Message-ID: <4FFF2A8C.8030201@???>
Date: Thu, 12 Jul 2012 21:50:36 +0200
From: Peet Grobler <peet@???>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Andy Parkins <andyparkins@???>,
users@???
References: <20120707130537.GA11695@???>
<201207081645.39704.andyparkins@???>
In-Reply-To: <201207081645.39704.andyparkins@???>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Whitelisted: Authenticated sender, whitelisted
X-Virus-Scanner: Scanned by ClamAV on mail.bitfolk.com at Thu,
12 Jul 2012 19:50:00 +0000
X-SA-Exim-Connect-IP: 41.76.209.65
X-SA-Exim-Mail-From: peet@???
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
spamd3.lon.bitfolk.com
X-Spam-Level:
X-Spam-ASN: AS3741 41.76.208.0/21
X-Spam-Status: No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED
shortcircuit=no autolearn=disabled version=3.3.1
X-Spam-Report: * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at
http://www.dnswl.org/, * medium trust
* [41.76.209.65 listed in list.dnswl.org]
X-SA-Exim-Version: 4.2.1 (built Mon, 22 Mar 2010 06:51:10 +0000)
X-SA-Exim-Scanned: Yes (on mail.bitfolk.com)
Subject: Re: [bitfolk] Proving that you are you
X-BeenThere: users@???
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/options/users>,
<mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
<mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 19:50:01 -0000
On 2012-07-08 5:45 PM, Andy Parkins wrote:
> If, the VPS owner has chosen to disable password reset (which for a security
> sensitive site, they almost certainly should -- emails aren't secure), then
> it is their duty to supply a public-key method of verifying their identity.
> If they haven't done that then I don't think it's unreasonable for you to
> require any level of:
>
> - Birth certificate
> - Utility bill
> - Passport
> - Freshly made photo of them holding today's paper with a secret phrase of
> your choice written on it.
> - An unlocking payment from the same source as the origina
