Welcome to the mailbox.org user forum!
 

How to prove my identity if account is stolen

5336492 shared this question 2 months ago

Hello,


My previous email account was hijacked and passwords were stolen (https://haveibeenpwned.com).


I don't know where the compromise comes from, and I set up all computers running secure systems (GNU/Linux and Mac OS X). I am also using different long passwords and OTPs.


After some testing I decided to go for mailbox.org, which seems the strongest mail system.

I used to run my own Postfix system for additional security; with mailbox.org it is no longer needed.


But what happens if my account is hijacked again? How do I prove my identity?

I added my real name in settings, is that enough?

Can I send you my French ID so that my account is secured and I can recover the account if need be?


Any comments are welcome.


Kind regards,

Comments (5)

1

Just a comment. I paid by IBAN bank transfer. Is that proof of identity in case the account is stolen?

1

If your mailbox.org account was hijacked and passwords were stolen, I think the hacker can log in to your account and change your contact details easily. The contact details just help you recover your password if you forgot it.

But if you set up OTP and use one-time passwords, it is safe enough. The hacker can hardly guess the right one-time password within 30 seconds. So they can just read and send your email via IMAP and SMTP (using your stolen real password), but cannot access your mailbox account and change the password.

1

Not very legal, think about European law. There is a legal owner of the account. The owner should be able to prove their identity by any legal means. With my previous ISP in France, I could use my ID to recover an account.


So if I understand correctly, if my phone is lost (with Google Authenticator) and my password is lost, the only way to recover my account is the secondary email. OTP does not protect you from keyboard sniffers.

1

Yes, OTP can be logged by keyboard sniffers, but it can only be used one time and will change after 30 secs, so it makes no sense to hack it. If you mean that a hacker gets your OTP seed, wow, that is your business.


My way: after scanning the QR code, click the right mouse button and get the QR code picture's URL link; the link contains the OTP seed. Keep the seed in a safe place, and it can set up the same OTP again for you.

1

Click the right mouse button on the QR code picture and choose "copy link address". The OTP seed is between "secret=" and "&counter".

You may generate a new OTP again and delete the other unused ones.
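
The seed backup described in the last two comments, as an added example that is not part of the original thread and is not mailbox.org code: it pulls the `secret=` value out of a QR link and shows that the seed alone regenerates the same codes as the phone app, which is why the backup has to be stored like a password. The link format, host, label and seed are constructed; HMAC-SHA1 and 6 digits are assumed defaults, with the 30-second step taken from the thread.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: a QR-image URL embedding a percent-encoded otpauth URI.
# The host, label and seed (the RFC 6238 test key in base32) are placeholders.
SAMPLE_LINK = (
    "https://qr.example.invalid/img?data=otpauth%3A%2F%2Ftotp%2F"
    "user%40example.org%3Fsecret%3DGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ%26counter%3D0"
)


def secret_from_link(link):
    """Return the base32 seed from an otpauth URI, plain or embedded in a URL."""
    previous = None
    while previous != link:          # undo nested percent-encoding
        previous, link = link, unquote(link)
    start = link.find("otpauth://")
    if start == -1:
        raise ValueError("no otpauth URI in link")
    params = parse_qs(urlparse(link[start:]).query)
    if "secret" not in params:
        raise ValueError("otpauth URI has no secret parameter")
    return params["secret"][0]


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    import time
    seed = secret_from_link(SAMPLE_LINK)
    # Anyone holding the seed gets the same code as the phone app.
    print("seed:", seed, "code now:", totp(seed, time.time()))
```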