Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Your single point of failure is your account at your registrar, where your domain can be hijacked. Once your domain is taken over - all of your accounts which are connected to this domain are also owned. So you're still only one hack away here.


Well, sure. But my registrar requires 2FA and has good support. The domain also has a hard lock for transfers, which would require a signature and id.

A targeted hack that could get 2FA tokens or a social engineering attack on the registar aren't threat vectors I'm concerned about. I'm not that interesting.

Much better than being at risk of, for example, Google cancelling your Gmail account for whatever reason, or your mail account getting hacked.


That is accurate for any and all approaches with email, but it does not negate the (significant) incremental improvements this strategy grants you.


> "That is accurate for any and all approaches with email"

The likelihood of a takeover of @gmail.com or @icloud.com is much lower though.


Instead those can just cancel your account without explanation or recourse. With a registrar you have a contractual relationship enforceable in your local jurisdiction.


I went to jail. Got out. Seems like there is no way to reaccess my old gmail account.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: