Currently, if you lose your authenticator + backup codes, you permanently lose your account - this kind of system is efficient & understandable from a security perspective, but completely misguided when compared to any other projects w/ an authenticator system.
Discord offers deleting your account if you lose all access to it, but refuses to simply remove the authenticator - this kind of offer (deleting your account without having access to it) lacks logical consistency: it only works because, if it's genuinely just an imposter on your email, the real owner of the Discord account will simply log in & cancel the deletion request; do you see what I'm getting at? It's illogical because the same offer can be applied for the authenticator removal - if no one logs in for 15 days upon the request to remove it via email, then it's safe to rule that it's the real owner of the account.
That's it - simple change that will help many & has no possibility for errors - it follows the same logic as deleting your account via email.