Companies with highly trained support staff regularly fall for these attacks.
The answer has been figured out by the highly trained engineers. It's "don't provide account recovery options that bypass 2FA". Yeah, that sucks for a segment of people, but it sucks less than regularly getting your account stolen due to a social engineering attack. There really, truly, doesn't exist a panacea. You don't have and can't create an oracle that knows when an account recovery attempt is legitimate or not.