On Wed, Feb 5, 2014 at 2:58 AM, Tyler Romeo tylerromeo@gmail.com wrote:
> For example, MZMcBride, what if your password is "wiki", and somebody compromises your account, and changes your password and email. You don't have a committed identity, so your account is now unrecoverable. You now have to sign up for Wikipedia again, using the username "MZMcBride2". Of course, all your previous edits are still accredited to your previous account, and there's no way we can confirm you are the real MZMcBride, but at least you can continue to edit Wikipedia... Obviously you are not the best example, since I'm sure you have ways of confirming your identity to the Wikimedia Foundation, but not everybody is like that. You could argue that if you consider your Wikipedia account to have that much value, you'd put in the effort to make sure it is secure. To that I say see the above paragraph.
What if all of the email addresses that a user has ever used were to be stored permanently? Then in the event of an account hijacking, he could say to WMF, "As your data will confirm, the original email address for user Foo was foo@example.com, and I am emailing you from that account, so either my email account got compromised, or I am the person who first set an email address for user Foo." The email services have their own procedures for sorting out situations in which people claim their email accounts were hijacked.