After forgetting my password a few weeks or so after first creating my account (I went a long time without ever trying out Keybase, because its value proposition AFAICT wasn't very interesting up until around a year and a half ago), I had Max reset my account. I was left with mixed feelings about this:
1. Extreme gratefulness esp. wrt the hands-on approach to "customer" support, but concern for the scalability of a process that requires that level of manual involvement, and
2. Concerns with how easy it was to get keybase.io/$MYNAME disconnected and reconnected by the Keybase switchboard operators
... and I wondered why Keybase's proof system didn't play a part in authenticating me.
For example: Let's say I create a Keybase account, forget my password, and realize I'm not logged in on any device. If I need to reset an account that has N social proofs, wouldn't it be a good idea for Keybase to make me prove that I am who I say I am by adding/altering M of N proofs?
And on that note:
Given that you're rolling out third-party integration, how about building off OP's thoughts, so a Keybase user can configure their account to say, "You should be able to verify that $SERVICE implements the optional 2FA parts of the Keybase integration spec; please use $SERVICE as the 2FA provider for this account."