Fair criticism. The tricky part though with any scaled service is that for every legitimate case like this, there are many more bad actors trying to hijack accounts through exactly this mechanism -- so account recovery has to be conservative by default, which means legitimate cases sometimes get caught in the friction. Not an excuse, but it's a hard problem at scale and not just e.g. a cost-cutting thing or not giving a shit.
> The tricky part though with any scaled service is that for every legitimate case like this, there are many more bad actors trying to hijack accounts through exactly this mechanism
I really wish more people understood this, especially on HN.
Account recovery flows are flooded with people trying to break into other people's accounts. It's going to be nearly impossible to make a system that can allow someone to recover their account without also accidentally allowing someone to social engineer their way into someone else's account.