
Add "Don't allow recovery options" and "country restriction" to make hackers' attacks harder.

I would like to suggest that Hover add the following options:
- "Authorize password reset by email": YES | NO
(Some hacker with access to the e-mail won't be able to reset the password.)

- "Authorize password reset by contacting the Hover support team": YES | NO
(Humans from the support team can be tricked by some attacker with social engineering tricks to release the account to the attacker. This happens every day and there are several reports on this vulnerability on other services around the world. An attacker won't be able to trick the support team with social engineering because the system won't allow the support team to be tricked.)

- "Country restriction": [choose countries]
(Alternative: receive an e-mail to unlock access, plus use a country bypass code previously set up... so some hacker with access to email can't bypass the country restriction easily. One more thing to make the hacker's job harder... there are VPNs, but in many cases it will mean spending money... and easier to get into the person.)

Then send clients the information that those options are available so they can enable them if they want to.
