Post
Topic
Board Meta
Re: || Problem on losing/hack of accounts
by
coupable
on 30/11/2019, 19:19:12 UTC
@Lulucrypto "Ownership change for accounts" works in the way you described. So it's possible to change the email if you have no access to the original one, and to cancel the change process using the original email if the account is compromised.
As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.
This system has been in place for about a year. It is not so different from the old one, except for displaying data in Seclog, and if your account is hacked you had 14 days to lock it through the original email.
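The queue, warning, 7-day hold and cancel-from-old-address process described in the post, modelled as an added Python example (this is not forum code; the account, addresses, dates and the `simulate` helper are constructed for illustration):

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD_PERIOD = timedelta(days=7)  # the 7-day delay described in the post

@dataclass
class Account:
    name: str
    email: str
    locked: bool = False
    pending_email: Optional[str] = None
    pending_at: Optional[datetime] = None

@dataclass
class Registry:
    seclog: list[str] = field(default_factory=list)            # stands in for seclog.php
    warnings: list[tuple[str, str]] = field(default_factory=list)  # mail sent to the old address

    def queue_change(self, acct: Account, new_email: str, now: datetime) -> None:
        # the change is queued, logged, the old address is warned, and the account is locked
        acct.pending_email, acct.pending_at, acct.locked = new_email, now, True
        self.seclog.append(f"{now:%Y-%m-%d} {acct.name}: email change queued")
        self.warnings.append((acct.email, f"change to {new_email} queued; cancel within 7 days"))

    def cancel(self, acct: Account, sender: str, now: datetime) -> bool:
        # only the address currently on file can stop a queued change
        if acct.pending_email is None or sender != acct.email:
            return False
        acct.pending_email, acct.pending_at, acct.locked = None, None, False
        self.seclog.append(f"{now:%Y-%m-%d} {acct.name}: email change cancelled by old address")
        return True

    def process(self, acct: Account, now: datetime, admin_bypass: bool = False) -> bool:
        # apply the change only once the hold period has elapsed (admins may bypass the queue)
        if acct.pending_email is None:
            return False
        if not admin_bypass and now - acct.pending_at < HOLD_PERIOD:
            return False
        acct.email, acct.pending_email, acct.pending_at, acct.locked = acct.pending_email, None, None, False
        self.seclog.append(f"{now:%Y-%m-%d} {acct.name}: email change completed")
        return True

def simulate(cancel_from: Optional[str]) -> tuple[str, bool, list[str]]:
    """Queue a change for a constructed account, optionally try to cancel it, then run the clock."""
    reg, acct = Registry(), Account("alice", "old@example.org")
    t0 = datetime(2019, 11, 30)
    reg.queue_change(acct, "new@example.org", t0)
    if cancel_from is not None:
        reg.cancel(acct, cancel_from, t0 + timedelta(days=1))
    reg.process(acct, t0 + timedelta(days=6))  # too early: nothing happens
    reg.process(acct, t0 + timedelta(days=7))  # hold period elapsed
    return acct.email, acct.locked, reg.seclog
```

A cancel sent from any address other than the one on file is ignored, so the change still completes on day 7.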