Designing Customer Account Recovery in a 2FA World

Explore the intricacies of designing secure account recovery systems in a two-factor authentication (2FA) environment through this NorthSec 2020 conference talk by Kelley Robinson. Delve into the challenges of balancing security with user experience when customers lose access to their 2FA devices. Learn from Twilio's Authy App experience and discover best practices for re-verifying user identity across various industries. Examine the trade-offs between different recovery mechanisms, including government ID verification, waiting periods, and security questions. Gain insights on implementing effective guardrails for call center agents to minimize costs and enhance customer satisfaction. Evaluate the pros and cons of various 2FA recovery methods, including security keys, app-based authentication, and SMS 2FA. Leave with a comprehensive understanding of how to design robust account recovery processes that maintain security while accommodating real-world scenarios.