Why do I have the option to recover an email address with my phone number?
Can't any personal get my phone, then get access to my email and all its accounts?
Surely the best method would be that if you forget the password to your email account the only way to recover it would be to memorise the recovery code they give you at the beginning?
Sure, if the person knows you personally, and is looking to steal your information specifically, then getting your phone would be easier.
But that's rarely the case. Russian hackers aren't going to be able to steal your phone, but they can steal your password or any recovery settings you have.
>>52392616
So how are we ever going to get past this issue of security?
Good passwords don't mean anything if people can get access to your recovery methods (phone number, secondary emails)
>>52392668
You realize they can't just know your phone number, right? When you use phone authentication, they send a text to your phone with a password for recovery.
Two factor authentication like the above is actually a pretty good step. A hacker might be able to steal your phone, or they might be able to get your password. But the odds of them getting both are astronomical (assuming you're careful and don't do something retarded, like storing your pass on your phone).
So of course, there's always that risk of a breach. but you mitigate as best you can.
>>52392740
What if you set both your emails recovery systems for each other and just memorised the passwords?
To recover email a: send code to email b
To recover email b: send code to email a
And if your passes on both emails are amazing, no one will ever be able to get in online or offline?
Or am I dumb?
>>52392784
Sure, but that assumes your passwords are good and the security of both email companies is flawless.
>>52392832
But isn't it more likely that someone takes your phone and recovers your account with a text message than somebody being able to brute past a 25 character email password?
>>52392858
Not really. How often do you lose your phone?
If you were really paranoid, you'd make sure your email isn't on the phone at all, so a random passerby couldn't use it with that account. Plus, your phone has its own password the hacker would need to get past.
>>52392904
But what I'm asking is, is the system I just laid out more secure than phone recovery?
>>52392934
No, not really.
>>52393013
Why not???
>>52393084
I just told you why. You're hinging your security on having 2 good passwords. If a hacker gets one password, then they've got them all.
Having a good password + physical object you're not likely to lose is safer than just two passwords.
>>52393116
Like I said, how the hell can anyone hack a 30 character gmail or Microsoft password?
>>52393156
Maybe you were dumb, and are using a password which was also used on a different website which then got leaked.
Or you never know, maybe an exploit in their security exists that allowed them to get it.
>>52393311
What if it's a keepass generated password with the highest entropy memorised and then removed from keepass???
>>52393367
What if you just stop being autistic?
>>52393611
>What if you just stop being autistic?
Do you even know where you are?
So no one can properly answer me?
