On 2012-07-08 5:45 PM, Andy Parkins wrote:
If the VPS owner has chosen to disable password reset (which for a security
sensitive site, they almost certainly should -- emails aren't secure), then
it is their duty to supply a public-key method of verifying their identity.
If they haven't done that then I don't think it's unreasonable for you to
require any level of:
- Birth certificate
- Utility bill
- Passport
- Freshly made photo of them holding today's paper with a secret phrase of
your choice written on it.
- An unlocking payment from the same source as the original VPS purchase
Imagine this. Someone walks into my house, grabs my ID document, a
utility bill and scans it (have no passport). These are all on my desk.
The photo is also easy (using MacBook Pro's camera). They have already
hacked into my e-mail, so sending the payment is not an issue (they have
my Mac password, e-mail password, PayPal/Google Pay password, which are
all of course the same[1]). Bingo.
[1] I have separate passwords for everything. All in 1-Password. Secured
with an 18-character password. Won't happen here, but can at other places
I'm sure.
In short: paranoia. Disabling password reset implies a level of security
that should be maintained. It's saying "I take full responsibility for the
password to this VPS, and if I lose it, I accept that I may never get access
again".
Put a note on the site. "If you disable password reset you take full
responsibility for not losing your access details. You also confirm that
Bitfolk will be unable to help you with access to your VPS if you lose
your PGP key and/or SSH key".
The alternative is that social engineering will get an attacker access; and
that's often a considerably easier brute forcing problem than a password.