On 2012-07-07 7:30 PM, Andy Smith wrote:
Hi Aaron,
On Sat, Jul 07, 2012 at 06:13:53PM +0100, Aaron B. Russell wrote:
Perhaps if, at the time of disabling password
resets, a customer was required to send in an image of a government ID that you could keep
on file and validate against, in case they ever did lock themselves out? I'm not sure
how happy people would be to do that, though.
I like this option far less than my suggestion that anyone who
wanted to disable password resets would have to upload a PGP or SSH
key first.
I would be happy to upload an ssh key and pgp key in this situation. I
will not be happy to provide a copy of my ID or drivers license, which
can be stolen and used for other purposes, to _any_ company.
Most people can't be bothered with public key crypto, but if someone
is going to disable the one way they have of getting access when locked
out then perhaps they could be forced to bother.
Make that an option. You must have one of:
- password reset
- ssh key
- pgp key
- some Pre-Shared-Key (?)
- some Pre-Shared Token (i.e. password)
You can't select 'none'. You need one of them. I'd be cautious about using
ssh keys; I have lost some private keys in various situations.
Maybe I should just ask this question (off-list) of the few
customers who have disabled password reset and see what they
consider an appropriate level of security should the worst happen.
It doesn't affect the majority of you and I think people have
difficulty putting themselves into such a hypothetical situation.
I'll think about it while I can't sleep tonight. Might come up with
something.