There is no point in worrying whether attackers can abuse account recovery to take control of your account if they can just bypass basic controls and access your account. Here is a list of recommended security settings for the 12 popular services we looked at.
An examination of 12 popular web services shows distinct differences in how different providers implement account recovery. They all have different options, but Facebook and GitHub offer some of the best security options on the list.
Here are some recommendations for what we’d like to see online services do while monitoring their platform for account fraud. Some of them apply specifically to account recovery, but the recommendations focus on improving overall account security.
Decipher is designed to bring security news and information out of the dark and into the light.
Less than 10 percent of active Google accounts use two-step verification (2SV) to secure access to their services, like Gmail. While experts commonly favor using two-factor authentication or password managers, these tools are virtually absent from the security posture of regular users.