Account recovery

Cornelius Schumacher cschum at
Wed Jan 14 11:42:34 UTC 2009

While looking for best practices for OpenID account recovery in cases where a 
user can't access to the OpenID provider which was used in his account, I 
came across this document:

I'm wondering, what the experience is with these kind of techniques. Alternate 
OpenIDs, Multiple-delegation, and email recovery using confirmed email 
addresses all require the user to set this up in advance before the problem 
occurs. So either the users are forced into e.g. confirming an email address 
or at least some of them don't have a chance to get access to an account 
again, if the associated OpenID provider goes down. Both doesn't seem to be 
optimal to me.

Are there any alternative ideas how to handle account recovery for OpenID?

Cornelius Schumacher <cschum at>

More information about the user-experience mailing list