Board: Meta
Topic: Re: Why changing the email and the password is so easy !!!!
by nullius on 08/02/2018, 22:00:48 UTC
Stake a Bitcoin address, and preferably, a PGP key.  (But n.b. that Segwit addresses cannot yet be used for this purpose.)

I think that current options for securing one’s account are inadequate.[0]  However, there do exist ad hoc ways to help protect your account.  If your account has any value to you, make the effort to do that—and also to improve your own security!  I’m sick of hearing about “accounts hacked” when, as far as I can tell, most or all (recent) such instances are matters of users being hacked.  I am not aware of any evidence that accounts are ever hacked, nowadays.

What I'm suggesting here is to add another layer of security, so that when you want to change the email or the password, a verification mail would be sent to the current email and the owner would have the option to accept it or not and also know if he is being hacked.

What about people who lose access to an e-mail address, but legitimately know their own password?



[0] For account recovery purposes, users should be able to somehow bind a PGP key fingerprint to an account—either permanently, or with a long timelock.  I mean this as a forum feature with a form widget on the user profile page, not the ad hoc “post your key here” threads.  I would also add Bitcoin keys, but for the aforestated problem with Segwit addresses.

I also want some means of public-key auth login.  I began writing a long post for Meta about that more than two months ago, when I was more or less brand-new.  However, browser makers have made this infeasible by effectually deprecating functionality required for TLS client certificate usage by websites; and there are other problems with TLS client certs.  I also considered SSH tunnels, etc.; but I know realistically that has negligible probability of actually happening.