The assumption that control of a phone number is sufficient proof of identity is false. Just as we should no longer trust SMS for two-factor authentication, we shouldn’t trust it for account recovery. Disable this anywhere you can.
I tried to make the point that not everyone needs to do very complicated DNSSEC and that online signi…