Как сделать так, чтобы владелец не восстановил аккаунт

[yuraval]

"Dont think that's possible to make, even with password hashing, attackers can still find ways to brute-force or use phishing attacks. But if you're looking for a way to make it harder, you could implement a multi-factor auth with a time-based one-time password, or use a password-less auth like Google's FIDO2."

 

[Sarge128]

To be honest, guys, it's almost impossible to make an account fully unrecoverable, especially if it's on a well-established platform. Even if you use super strong password hashes and 2FA, a determined user can still find a way to reclaim their account with the help of support.