How so? If they can't log in because they forgot their password and never wrote it down and have a different email now than the one they registered with (so they can't do a password reset), how can something like 2FA help them get their account back?
I’m not referring strictly to 2FA. I’m referring to systems that help you regain access to an account you have lost. 2FA feels more like a way to keep your account secure as opposed to regaining control.
Google offers reset codes (something like ten) that are one use. Recovery questions are helpful. The dorms I was an RA in used pass codes that families could provide as ID over the phone to get information on their student as long as they were on the ferpa release forms.
By having options available such as what I mentioned or the secondary email field, you place the onus of control onto the user. If they don’t utilize their brains and note information down/work to protect their accounts by avoiding dodgy websites, using weak passwords, or falling for social engineering, a site team is in a better position to say, “sucks to suck.”
Now, there will always be exceptions. I recovered this account once by providing details specific to the history of the account. Thankfully, the responding admin was able to verify. Other established members will likely have built connections on site that will make it easier to validate. For instance, I might pm you from a scab account with some snarky comment that fits my writing style and you’d be able to approve me based on that and the details I provide. I’m the idiot for not utilizing the recovery tools when I had the chance but my connection saved me.
Joe bob sue who joined to vote on site battle madness likely won’t have those connections so you’d have a harder time approving especially if ip addresses don’t match or other details aren’t lining up. If recovery systems are in place, you’re argument would be stronger to again say, “sucks to suck.”
