I spent a while one week going through all my online identity, services I use, etc., and putting together basically a dependency tree.
What kicked this off was an overlapping but probably more unusual concern. Basically, I was worried that I had things _too_ secure. If I lost certain access, I'd be _screwed_. It's great that this account needs 45 factor 6 dimensional holographic password authentication to log in, but what happens if I lose something or get bonked on the head and forget something or... how can I recover access, but also set this up in a way where the backdoor I leave is _not_ one that's easily accessible to others.
Anyway, long story short is I have a separate ccTLD domain from my country that is _exclusively_ for use as the root of my identity/recovery. Everything related to it is in a separate account. It charges to a credit card that's not used for anything else. The only thing it does is receive email and dump it into object storage so I can periodically review it. (I don't want it forwarded elsewhere in case the email is something like a password recovery email.)
The recovery solution for this is the ccTLD's dispute resolution policy, and finally my (local) courts. As sexy as that Cocos Islands or Indian Ocean Territory or vanity TLD is, I have a lot more options more easily available to me with my local ccTLD administrator and local courts. I'm pretty much relying on the court's ability to accurately verify my identity as the lock on the back door.
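A dependency tree like the one described in the comment above can be checked mechanically for lockout risk. The following is an added example, not part of the thread: the asset names and recovery paths are constructed sample data, and the model (each asset lists alternative sets of prerequisites, all of which must be available) is an assumption.

```python
# Constructed sample data. Each asset maps to a list of alternative access
# paths; a path is a set of prerequisites that must ALL be available.
# An empty list marks a root: something held, known or provable directly.
DEPENDENCIES = {
    "phone": [],
    "hardware_key": [],
    "master_password": [],
    "court_identity_check": [],  # offline proof of identity (the "back door")
    "password_manager": [{"master_password", "hardware_key"}],
    "recovery_domain": [{"password_manager", "hardware_key"},
                        {"court_identity_check"}],
    "recovery_mailbox": [{"recovery_domain"}],
    "primary_email": [{"password_manager", "phone"}, {"recovery_mailbox"}],
    "bank": [{"password_manager", "phone"}, {"primary_email"}],
}


def reachable(deps, lost):
    """Assets still accessible after everything in `lost` is gone.

    Grows the set outward from the surviving roots until nothing changes,
    so circular recovery (A recovers B, B recovers A) never counts as access.
    """
    have = {a for a, paths in deps.items() if not paths and a not in lost}
    changed = True
    while changed:
        changed = False
        for asset, paths in deps.items():
            if asset in have or asset in lost:
                continue
            if any(path <= have for path in paths):
                have.add(asset)
                changed = True
    return have


def locked_out(deps, lost):
    """Assets that become unrecoverable as a consequence of losing `lost`."""
    return set(deps) - reachable(deps, lost) - set(lost)


def single_points_of_failure(deps):
    """Map each root to the assets lost with it, omitting harmless losses."""
    roots = [a for a, paths in deps.items() if not paths]
    impact = {r: sorted(locked_out(deps, {r})) for r in roots}
    return {r: hit for r, hit in impact.items() if hit}


if __name__ == "__main__":
    print(single_points_of_failure(DEPENDENCIES))
    print(sorted(locked_out(DEPENDENCIES, {"hardware_key", "court_identity_check"})))
```

Passing several items in `lost` models a correlated loss, such as everything carried in one bag.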
> The recovery solution for this is the ccTLD's dispute resolution policy, and finally my (local) courts. As sexy as that Cocos Islands or Indian Ocean Territory or vanity TLD is, I have a lot more options more easily available to me with my local ccTLD administrator and local courts. I'm pretty much relying on the court's ability to accurately verify my identity as the lock on the back door.
I work at a domain name registrar, and I agree completely. In fact, I have recommended this attitude for years¹. Use your local ccTLD if at all reasonable.