
At the end of the day, there are a lot of differences between the many webmail offerings. The apps, the support, the feature-sets, etc. If you have gotten used to things like the nuances of Gmail filters, switching anywhere can be challenging, I think, and the same could be said about the reverse. I’ve been considering using both Gmail and FastMail simultaneously for a while, especially for custom domains. Also, JMAP is cool.

I am mostly just suggesting that folks who read stories like these and fear similar predicaments take the time, effort, expense, etc. to properly secure whatever accounts they have.

Thought experiment: if someone steals an account with no 2FA, enables U2F and other security mechanisms, how will support verify who truly owns the account? Or the reverse: user enables U2F and someone calls in and tries to claim the account was stolen?

Having humans make judgements is important because the real world is complicated and people are imperfect, but using U2F in the first place can save you a huge headache, no matter what services you use. If support can just flip a bit and disable U2F, it isn’t very useful for the same reasons accounts get hijacked to begin with.




I mean, I think you answered the question yourself. History of account security details, things like login logs, IP addresses, when things were changed, payment information, etc., can corroborate the story a user is trying to tell (i.e., my account got stolen), or refute it.

And those things? It comes down to having strong process rules and having intelligent life forms make the decision.



