Today we’ve added support to link multiple tokens to the same account. Our first release of TrustBearer OpenID allowed each user to associate one token per account. This was by design for security and simplicity. If you lost your single token, you could no longer use your account.
We realized that it was only a matter of time until someone lost a token, or ran it through the washing machine. There was some discussion on the blog around how we should handle this case of lost tokens. Some ideas included sending a SMS message as a one-time unlock, answering a series of Q&A pairs and mailing a token to a pre-determined physical address. While all of these recovery methods are interesting, they either reduced security (SMS, Q&A) or added privacy implications (mailing a recovery token).
The simple backup solution was to allow multiple tokens to be linked. To use this feature, sign in to your TrustBearer OpenID dashboard, connect an additional token to your computer, give your backup token a name and click Add Token.
You can add or remove as many tokens as you would like. Warning: You can also now “abandon” your account by removing all tokens associated with your account. We will not make that OpenID username available to anyone once an account is abandoned.
Give it a try and let us know what you think.