To re-iterate previous threads on this topic, if you have at least one successful login from a Tor exit node or other anonymizing proxy service then the security system won't hassle you when you log in from these networks. That's how you disable it - pass verification from a Tor login.
I don't know what the reset process or weeks timeout refers to. If they abandoned the login process after being asked to provide some more information then the system assumes the hijack was real and forces a password change. Perhaps that's what they mean. With regards to why we do this, you can review the following presentation I gave at the RIPE 64 conference: https://ripe64.ripe.net/presentations/48-AbuseAtScale.pdf https://ripe64.ripe.net/archives/video/25/ or (faster) this post from Urs: https://plus.sandbox.google.com/u/0/+UrsH%C3%B6lzle/posts/Fvr2rCPiPUu _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
