Thanks for the great analogies Jeff. I really enjoyed the post.

I agree, automated account recovery is critical for the usability of security. One edge case comes to mind though: I lost my phone (with 2FA app) and I don’t have access to my email anymore.

In a centralised world, most auto account recovery flows will fail and require customer support requesting identity verification.

I’m curious what your views are on account recovery in a decentralised world.

Steyn