
Still locked out of my AWS account

463 points | colinmeinke | 8 years ago | docs.google.com

274 comments

stickydink | 8 years ago
I've been locked out of my AWS account for almost 3 years now. I have 2FA enabled, tied to a phone number I no longer have access to.

I receive two emails per month. One invoice, for $0.80 (I cannot remember what is running on there, but I guess it must be something). One threatening, "Your AWS Account is about to be suspended". I've been "about to be suspended" for the entire 3 years.

I want to pay the bill, I can't log in.

I emailed, I phoned. Eventually I spoke to somebody, who told me the only way I could access my account was to fill in "some paperwork"[1]. They emailed that to me. It has to be notarized. I called again, they absolutely will not accept this if it is not notarized.

I've explained to them that all I want to do is pay the ~$30 in bills I've accrued for 3 years. I don't mind if I never get access to the account - let me pay the bill and shut the account down, they won't have it. I don't have any free notary access, and I'm not willing to pay more than the AWS bill amount just to be able to pay the bill. I've explained that to them, and they don't seem to care about that either, they'd rather not have the bill paid and continue piling it up.

[1] https://s3.amazonaws.com/AWSCS_CustomerForms/IdentityVerific...

michaf | 8 years ago
I was locked out of my AWS account for about 2 years due to losing my 2FA authenticator on my phone. But had no open bills and didn't really care about it, so I did not try to gain back access.

Until last week, when I decided that I need to use the account again. I simply clicked the recovery link on their 2FA login form. Had to enter my account details and my phone number. Within 15 minutes (as stated on the website) a member of their service team called me. I explained the situation (lost 2FA app). Not a problem, the service agent told me. He then sent me an e-mail (to my AWS-associated mail address) with some random characters, which I had to read back to him. After that he simply removed 2FA, and I was able to log in with my username/password. For me the experience was quite pleasant, but had someone else have access to my e-mail account and knew my AWS username/password, he might have been able to take over my account, bypassing 2FA. I don't quite know how to feel about that.

EDIT: Ok, this probably only works if your phone number is also already associated with your account. So an attacker additionally would need access to my phone number, making things quite a bit more secure in my view.

analyst74 | 8 years ago
I'm sorry for what you have to deal with, and I think as an industry we have definitely not thought through on the 2FA-over-phone system.

But I feel like asking for a notarized letter confirming you are actually "you" is quite reasonable. Otherwise it'll be all too easy for malicious social engineering.

otoburb | 8 years ago
The problem is that as they get bigger, they may soon automate delinquent account notifications to debt collection agencies which could impact your credit rating sometime down the line.

You are unfortunately on the wrong side of an asymmetric relationship here.

kinkrtyavimoodh | 8 years ago
I sympathize with your predicament, but I can say I am very happy to know that Amazon won't just let anybody get access to a 2FA account without a substantial burden of proof.

We all read horror stories of people's accounts being compromised via trivial social engineering hacks. This will always be a balancing act. And to be honest I am all for erring on the side of caution.

ccleve | 8 years ago
You can get something notarized, at least in Illinois, for $1. Just go to a currency exchange. Most banks will do it for free.

manigandham | 8 years ago
Their security worked, you lost access so this is entirely your problem. I'm happy to see that AWS requires notarization to get past 2FA.

Regardless of the size of the bill, comparing it to cost of a notary (which is very minimal) is irrelevant.

pierrebeaucamp | 8 years ago
The exact same thing happened to me. In my case I still had a t2 instance running and was billed ~$15 a month. Eventually I shut down the instance over ssh, but that didn't change the overall situation.

I was studying in Germany at the time and access to a notary public costs about 40$ USD there. I asked the AWS support on the phone if letting the payments bounce would suspend my account which they confirmed.

Unfortunately every time I disputed the payment with my bank, AWS sent me a physical copy of their terms and my billing address as a proof of contract and my bank would process their payment. Eventually, 3 months in, my credit card expired anyway, solving at least that part.

They still tried to charge me for about 6 months afterwards, but I haven't heard back from them since. Interestingly, I opened a second account, with the exact same billing address, but a different credit card without problem. But I don't really use AWS anymore since then.

I totally believe that they (AWS) just stuck to their process, which was enacted in good faith. But switching my phone number should have not caused that entire fiasco.

ta667788 | 8 years ago
I recently noticed a $20-30 charge each month from 'Amazon Web Services' on the credit card and vaguely recall signing up and trialing it one day (must have left a small instance running I guess too).

I had to cancel that credit card in the end as I couldn't get access to the account and their support is, as far as I can tell, automated email responses. I also had the threat to suspend my account over many days (to which I was responding, 'Yes, please do'), but they stubbornly just kept threatening instead of closing the account. The support person did not seem to respond to what I wrote in my replies at all, just pasted a stock response that didn't make sense in context.

They really cannot seem to handle their scale in terms of their customer support (and I wonder how many people are getting bitten for small chunks of cash).

kiehlster | 8 years ago
Have you made any attempt to work something out with whoever may have your old phone number? Explain the situation to them? Maybe they'd be kind enough to send you the 2FA code for the account?

andrewvc | 8 years ago
The UPS store will notarize stuff for like $10-20 bucks FYI.

breatheoften | 8 years ago
I'd be worried about them sending your account to collections -- would be annoying to take a credit hit over this ... insane as it is that you have no ability to resolve this situation now without hardship, you also won't have hardship free resolution path after it goes to collections ...

I guess if it goes to collections you'll at least then be able to pay the debt collector -- but you'll still take a credit hit ...

yellow_postit | 8 years ago
At what point does the debt get sold to a debt collector thus causing you more trouble and pain than paying for a notary would cost? Also if you're in the US and maintain a bank account, many banks offer free notary services.

hinkley | 8 years ago
Ask the office manager at your job if there's a notary public on staff.

It's not uncommon for one of the assistants or the office manager to get certified as a notary. It's very useful for small office situations and short deadlines.

mobiledev1 | 8 years ago
Your bank can usually notarize the document for free.

Cacti | 8 years ago
You're willing to pay the $30, $40, $50 AWS bill for services you aren't using but the $5 notary charge is some grave affront?

vivekd | 8 years ago
I don't understand, why don't you just notarize the form and send it back to them, notaries are really cheap.

ouid | 8 years ago
Have you tried calling your old phone number and seeing if it's been recycled? You could have that person do the second factor for you.

user5994461 | 8 years ago
Cancel your card. Problem solved.

colinmeinke | 8 years ago
8 days ago I tried to log in to my Amazon retail account, and received a password invalid error. As it turned out my account had been closed, as it appeared to Amazon that it had received a suspicious log in. This is the same account that I use for AWS - hosting websites critical to my business.

Today it appears I am no closer to gaining access back to my AWS account than I was on day 1, even though I have been billed as normal for my services during this time.

This should serve as a warning to anybody else who has an Amazon account that is shared between retail and AWS.

Linked is a list of every event and interaction I have had during the last 8 days with Amazon, via Twitter, email, phone and chat.

Twirrim | 8 years ago
In all seriousness, email [email protected]. The most likely outcome is that some relevant managers will receive one of the infamous "?" emails from him.

If so, that'll result in two things:

1) Your problem will be resolved ASAP, managers right up the chain will be tracking it extremely closely, as they'll have to justify every action to Jeff. Everyone goes scrambling when one of those emails goes out.

2) A post-mortem will be done of everything that happened, with processes and procedures improved to ensure it doesn't happen again.

buro9 | 8 years ago
> This should serve as a warning to anybody else who has an Amazon account that is shared between retail and AWS.

So much this.

I had such an account and neglected the retail side (it was linked to amazon.com as well as AWS) as I was using a different account for retail (linked to amazon.co.uk from the days that these were separate systems).

Logging on to amazon.com one day I noticed LastPass suggest I log in, so I did. To see that I hadn't ordered anything retail for 5+ years. So I requested deletion of the amazon.com account (good hygiene, delete unused accounts).

Retail happily obliged... and a week later when payment failed and dunning started I realised what I had done. The account did not exist any more, I could not login to resolve this.

This was entirely my mistake (and quite funny as well as terrifying), but the risk is real.

Should anything happen to your retail account then your AWS account can and will suffer.

I managed to resolve this, I was only using S3 and I wrote a migration tool to remotely move S3 items from one account to another, using only the auth keys that were still active. But woah... if I'd been using EC2 or anything else I would have been in a lot of trouble.

Keep accounts single purpose and obvious. Use an account that only handles your AWS purchases.

joelrunyon | 8 years ago
This happened to me with instagram.

I reset a password, then they detected "suspicious activity." I clicked "send pin via email" and the email never shows up. I've done it 3 or 4 times over the course of a week + it never works. It's a documented error + FB/Instagram refuse to address it.

https://medium.com/@joelrunyon/instagrams-security-features-...

digi_owl | 8 years ago
If anything this, along with similar situation(s?) with Google, should stand as a strong warning against single sign on systems across multiple services with multiple TOS.

birdman3131 | 8 years ago
A friend had this happen to him (The unauthorized person accessing it). He sells on amazon and had all his inventory removed from being sold while this was going on. Calls did nothing.

What finally worked was the amazon facebook page. He posted on there, they PMed him and he was back up and going within a couple hours where he had been getting the run around for a week or two on the phone.

btown | 8 years ago
Are services offline or are you just locked from accessing the account?

allthecybers | 8 years ago
I had this happen because of a closed AWS account with 2FA that locked out my longtime Amazon.com retail account. The 2FA factor was a business phone number that I had given back to my former employer a couple of years ago.

The best that AWS/Amazon support could give me is start a new Amazon.com account. At least the AWS account wasn't billing anything.

mirekrusin | 8 years ago
Also having problem with AWS - can't access it and they keep billing me for something there I want to shut it down (EC2?) but I can't.

I recently moved from Brazil to UK (new address) and changed phone + sim card (Authenticator after restore from backup lost all 2 factor auth entries).

This is the moment when you realise that you're outside of predefined use cases of The Machine and you're fucked. Nobody is here to help you. I've tried, nobody gives a shit at Amazon. They have procedures, you know.

I blame 2FA and I think it's great if you don't have problems but it's shit if you have, i.e. you move places, change phones etc. in your life. Something there in the process is missing like "next of kin" recovery that should be mandatory when enabling 2FAs.

aianus | 8 years ago
This anecdote makes me very happy with AWS. I want loss of 2FA to completely revoke access to my account. Otherwise any smart hacker can social engineer Amazon support with some fake drivers license photo and steal all my BTC (for example).

BenjiWiebe | 8 years ago
This is why, when creating a new 2FA login, you MUST write down the one time use backup codes, and store them in a safe and secure place.
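The single-use backup codes this comment recommends, shown as an added example that is not part of the thread and not AWS's own mechanism: the service generates a handful of random codes once at enrolment for the user to write down, stores only salted PBKDF2 hashes of them, and burns a code the first time it is redeemed, so a leaked database does not reveal the codes and a written-down code cannot be replayed. The names `generate_backup_codes` and `BackupCodeStore`, the code alphabet and length, and the iteration count are assumptions made for this example.

```python
"""Single-use 2FA backup codes (added example; not from the thread or from AWS).

Assumptions: codes are generated once at enrolment and shown to the user to write
down; the server keeps only a salted PBKDF2 hash per code and deletes the entry
when the code is redeemed, so each code works exactly once.
"""
import hashlib
import hmac
import secrets

# Alphabet drops 0/o/1/l/i so a handwritten code is easy to read back correctly.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"
CODE_LENGTH = 10          # ~49 bits of entropy per code with this alphabet
PBKDF2_ITERATIONS = 50_000  # assumption; tune to your latency budget


def generate_backup_codes(count=8):
    """Return `count` random codes formatted as xxxxx-xxxxx for writing down."""
    codes = []
    for _ in range(count):
        raw = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        codes.append(f"{raw[:5]}-{raw[5:]}")
    return codes


def _normalize(code):
    """Accept the code however the user typed it: spaces, dashes, upper case."""
    return code.replace("-", "").replace(" ", "").lower()


def _hash_code(code, salt):
    return hashlib.pbkdf2_hmac("sha256", _normalize(code).encode(), salt,
                               PBKDF2_ITERATIONS)


class BackupCodeStore:
    """Server-side record: one (salt, digest) pair per code, removed when used."""

    def __init__(self, codes):
        self._entries = []
        for code in codes:
            salt = secrets.token_bytes(16)
            self._entries.append((salt, _hash_code(code, salt)))

    def remaining(self):
        return len(self._entries)

    def redeem(self, candidate):
        """Return True and delete the entry if `candidate` matches an unused code."""
        for i, (salt, digest) in enumerate(self._entries):
            # Constant-time comparison avoids leaking which byte mismatched.
            if hmac.compare_digest(_hash_code(candidate, salt), digest):
                del self._entries[i]
                return True
        return False


if __name__ == "__main__":
    issued = generate_backup_codes()
    print("Write these down and keep them offline:", *issued, sep="\n  ")
    store = BackupCodeStore(issued)
    print("first use:", store.redeem(issued[0]), "second use:", store.redeem(issued[0]))
```

Because the plaintext codes never exist server-side after enrolment, support staff cannot read them out over the phone, which is the bypass several commenters here worry about; recovery stays in the user's hands for as long as an unused code survives.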

wnevets | 8 years ago
>Something there in the process is missing like "next of kin" recovery that should be mandatory when enabling 2FAs.

Wouldn't this just weaken the second factor? Services that have bypasses to 2FA wind up rendering it useless.

colinmeinke | 8 years ago
UPDATE: The hold has been removed from my account, and I have access again. Even though I had previously been told my account had been closed, it seems like this wasn't final. This resolution was down to an escalation of my case at Amazon, after a team member contacted me through Twitter and promised to personally look into it.

johnhenry | 8 years ago
Did they mention this article when they contacted you?

coleca | 8 years ago
Some great advice in here about creating multiple accounts with a + sign in the email address. One thing I didn't see mentioned that is a standard best practice for AWS is to create a separate IAM account for your day to day usage and NEVER log into your root account (unless you need to open a billing support ticket) after creating the IAM account.

You will get a new login page and username to log in with and not need an email address specific account.

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practic...
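A detection-side counterpart to this advice, added here and not taken from the comment or from AWS: a small audit over constructed CloudTrail-style records that flags any root-account activity, treating only support-case creation (the billing-ticket exception the comment allows) as tolerated. The record layout follows CloudTrail's real `userIdentity.type`, `eventSource`, `eventName` and `additionalEventData.MFAUsed` fields; the sample events, the account id, the IAM user name and the `ROOT_ALLOWED` allowlist are constructed assumptions for this example.

```python
"""Audit CloudTrail-style records for root-account use (added example; not from the thread).

Assumptions: records use CloudTrail's userIdentity.type / eventSource / eventName
layout; the only tolerated root usage is opening a support case, matching the
billing-ticket exception in the comment above. The sample log is constructed.
"""
import json

# Constructed sample log in the CloudTrail {"Records": [...]} shape, not a real capture.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2017-07-06T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2017-07-06T09:05:00Z", "eventSource": "support.amazonaws.com",
     "eventName": "CreateCase",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2017-07-06T09:10:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2017-07-06T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/daily-ops"}},
]})

# Assumption: root is only ever used to open support/billing cases.
ROOT_ALLOWED = {("support.amazonaws.com", "CreateCase")}


def load_records(text):
    """Parse a CloudTrail-style JSON document into its list of event records."""
    return json.loads(text).get("Records", [])


def audit_root_usage(records):
    """Return one finding per root-account event that is not on the allowlist."""
    findings = []
    for rec in records:
        if rec.get("userIdentity", {}).get("type") != "Root":
            continue  # IAM users and roles are the intended day-to-day path
        source, name = rec.get("eventSource"), rec.get("eventName")
        if name == "ConsoleLogin":
            # Any root console login is worth a look; without MFA it is urgent.
            mfa = rec.get("additionalEventData", {}).get("MFAUsed", "Unknown")
            findings.append({"time": rec.get("eventTime"),
                             "event": f"{source}:{name}",
                             "severity": "high" if mfa != "Yes" else "medium",
                             "reason": f"root console login, MFAUsed={mfa}"})
        elif (source, name) not in ROOT_ALLOWED:
            findings.append({"time": rec.get("eventTime"),
                             "event": f"{source}:{name}",
                             "severity": "medium",
                             "reason": "root API call outside the support/billing allowlist"})
    return findings


if __name__ == "__main__":
    for f in audit_root_usage(load_records(SAMPLE_LOG)):
        print(f["severity"].upper(), f["time"], f["event"], "-", f["reason"])
```

Run against a real trail export the same rule turns "never log into root" from advice into something you can verify: a clean account produces no findings at all, and the one tolerated path stays visible in the allowlist rather than hidden in the code.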

mabbo | 8 years ago
The moral of the story is that your AWS account and your personal amazon buying account should be separate.

As well, if you use Kindle Direct Publishing, are an Amazon Seller, work for Amazon Flex, or use the Amazon Affiliates program, each of these should also be on an independent Amazon account.

This way, problems on one won't affect problems on the other.

steven777400 | 8 years ago
Stories like this are frustrating and a symptom of the impact very large companies can have on multiple facets of our lives.

One possible approach is to keep accounts separate for personal and each business that you are involved with. For example, you probably have at least a separate personal checking account and business checking account. Likewise, it would make sense to have all accounts used for a given business to only be used for that business.

In addition to providing some safety against automated action, division of accounts provides a nice legal line, wherein if a court order requires you to disclose information, you can simply dump everything on the account without touching any of the other businesses or personal documents.

Stymieing this, of course, is companies (Facebook?) that have a policy of prohibiting a single real person from having distinct accounts.

luckystarr | 8 years ago
Send an email to [email protected]

Jeff Bezos himself said if you are having problems you should mail him directly. Behind this address there is a full team investigating the issue and if it's something they want to handle will actually lead to improvements for all customers.

ordinaryperson | 8 years ago
I spent a month and a half locked out of my AWS account due to 2FA issues and being caught in a Mobius strip with AWS support.

IMHO 2 problems with how AWS handles customer support (vs. other co's):

1. Different support rep every time = following the same script with every phone call. I'm sure assigning first available rep speeds up response times but for you, if the problem can't be resolved in 1 phone call it's like talking to someone with Alzheimer's, you're constantly re-answering the same 15 questions to a new person every time.

2. Customers are not allowed to directly interface with level 2+ support, only the nontechnical level 1 support can do that. Good luck getting them to communicate your technical issue correctly.

For example, every single support rep asked me if I had 2FA disabled for my Amazon retail account (I did). After re-answering this question with every single rep, they'd file tickets with the next level of support...only to be rejected later because level 2+ said it was most likely because I had 2FA on on my Amazon retail account (I did not). It was nearly impossible to bridge this disconnect.

Customer support is not easy to do well so I hesitate to widely impugn Amazon's efforts, but if you're an AWS customer and you have an issue that's an edge case outside of the scripts these support reps are using prepare to waste weeks or months of your life trying to resolve it.

raesene6 | 8 years ago
Whilst this is more about AWS accounts, the ability of Amazon (and other cloud providers) to lock you out of an account with very limited recourse does present some other problems.

I've got quite a few ebooks I've bought via Amazon Kindle. If amazon one day decided to delete/lock my account, I would lose access to all that content which I had "bought".

The more data people store in various cloud providers systems, the more the need for some kind of recovery mechanism / dispute resolution process becomes apparent.

Whilst its relatively easy, in many cases, for more technical users to ensure they have backups of data that they control, less technical users could have a lot of their information tied up in these systems, and loss of it could be quite bad for them.

elliottcarlson | 8 years ago
I have yet to receive a human response from Coinbase after contacting them 59 days ago... time to nag them again.

dredmorbius | 8 years ago
"Who are you?" is the most expensive question in technology. No matter how you get it wrong, you're fucked.

Letting the wrong person in to an account? You're fucked.

Locking the right person out of an account? You're fucked.

Given that data can't be reversed as charges can, arresting an account may be slightly preferable, but it remains highly disrupting.

I've been through the experience a few times myself, largely with Google. Out of a fit of pique, the temporary account I created for myself (and through which I negotiated for recovery) was "The Real Slim Shady". Several of my G+ contacts noted that they could be pretty certain that this was in fact me, though I'm a little frightened whichever way that works out.

(I did have other profiles through which I could announce my plight.)

I still think that the matter of identification, or rather, the more primary matters of authentication, authorisation, integrity, validation, payment authorisation, ownership, receipts rights, and similar associations, need to be worked out.

I'm also strongly in favour of a system in which a physical token -- and I think a signet ring with a very-near-field chip and accompanying sensors on mobile, laptop, and desktop devices would be just about perfect -- should be part of that system.

Not an insertable device (as with Yubikey), or something requiring keying in a value (as with RSA fobs). But something which is worn (so: on you at all times), replaceable, destroyable, discardable, but also exceedingly difficult to duplicate or appropriate, or to read without intention on the part of the owner.

https://www.reddit.com/r/dredmorbius/comments/2w618r/how_to_...

maxehmookau | 8 years ago
We had exactly the same issue. We solved it by creating a new AWS account and using that to call support.

Once through, being persistent eventually (it took a week or so) saw us regain access to the account.

iddqd | 8 years ago
Might sound obvious in hindsight, but _always_ create separate AWS accounts for your different projects.

ikeboy | 8 years ago
I've had the same issue with buying and selling accounts - my buying account got locked out, which prevented me from logging in to my selling account, with 50 pending orders at the time. Luckily I emailed [email protected] and got my main account unlocked within 2 days and my buying eventually got back a week or two later.

Seems like they still haven't fixed the underlying issue of bots locking accounts across services.

bryanthompson | 8 years ago
I'm one account flag change or one password reset from being in this exact situation, and it's terrifying. I have been an Audible customer since before Amazon bought them. Somewhere in their account aggregation process, I've ended up with at least four distinct logins for amazon that all use the same email address.

One email address... And I use one password for Audible, one for amazon, one for aws, and one for amazon affiliate. If I password reset on any one of those services, my accounts are all bricks. I've made that mistake once and had to frantically call audible support & climb through the support chains until someone could basically undo my password change.

During the process, they offered to try and deduplicate my accounts, but I think we're going to need a team of senior-level DBAs to sort this shit out.

chrisacky | 8 years ago
My recommendation would be to email jbarr[at]amazon.com directly.

He will probably naturally see this thread over the course of the day though if it gets popular anyway....

serpix | 8 years ago
Exact same issue. Have tried to resolve it for six months now. I've cancelled the credit card and they can f* themselves.

tjbiddle | 8 years ago
I love AWS - but why, oh why, is a retail account linked to it? These need to be entirely separate.