
Nothing is extremely painful for a federated identity protocol (although I think it should be a clear option for those of us who take these things seriously!). Printed reset codes are part of the way there, but how many people will actually save or print out the file?

SMS confirmation is another mechanism, and one that is viable in most of the world, but has a different set of risks.

I think a combination of these is a good approach, but this is a really tough problem in the identity space, and if you have any suggestions on how to improve it in a way that is viable for a large user base, your feedback would be greatly appreciated!


