
xkcd 1121, “Identity”.Relevant recent discussion elsewhere:
On a side note, I don’t like that the forum doesn’t let you remove your e-mail address, and/or otherwise
totally disable password reset by e-mail. (Yes, you can set a fake e-mail address; but then, you need to be careful to make sure it can never be valid. And that does not itself totally disable password reset by e-mail.) I’m not the only one. Lauda complained to me about that.
On a side note, I don’t like that the forum doesn’t let you disable password authentication, and log in by signing a challenge with your PGP key... OK, I will stop right here.

I want to see security questions disabled, option to disable email recovery per account and 2FA introduced. BCT is about large sums and does not have up-to-date security mechanisms.
Check if known database compromises could be used to exploit your information from one site to gain access to your accounts at another site:
haveibeenpwned.com. Most importantly, never use the same password at two different sites—
never. Use a secure password manager, and a
different long, random password for each site.
Users who value their accounts should be able to disable
all automated account recovery mechanisms (other than some hypothetical mechanism that uses strong cryptography; that would be great!). These “recovery” mechanisms are
per-account backdoors. They are well-known attack surfaces, which have been very frequently exploited for years—sometimes in high-profile cases that make the news.
How Apple and Amazon Security Flaws Led to My Epic Hacking
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. Here's the story of exactly how my hackers created havoc by exploiting Apple and Amazon security flaws.
Mat Honan
Aug 6, 2012 8:01 PM
[..]
And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.
They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.
Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.
See also:
“A story of how PayPal and GoDaddy allowed the attack and caused me to lose my $50,000 Twitter username.” (2014)
Looks like the same thing happened to me in less than a week. [...] In the meantime I did a little search about the IP location listed in the e-mail, here are the findings.
The hacker knows how he has to hide, and they may use a VPN or TOR to carry out his actions.
Tor can be checked. I had to guess the date for “less than a week” before 2022-07-07.
http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/exonerator.html?ip=119.30.39.74×tamp=2022-07-01&lang=enClearnet site for those not using Tor:
https://metrics.torproject.org/exonerator.htmlExoneraTor
Result is negative
We did not find IP address 119.30.39.74 on or within a day of 2022-07-01.
P.S., pet peeve:Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.