Say I have a site, like StackOverflow, which supports OpenID login only. Suppose someone had an account on the site, bound to his OpenID, and then he lost access to his OpenID provider (that's surely possible and not harder than losing your email password). How would he then restore access to his account?
I see two options: one is the usual mail-me-a-key sequence, only appropriate if he had provided an email address.
Two is he could have provided a backup OpenID for such emergencies (that's what SO does i presume).
How do you (or would you) implement access recovery with OpenID? Any thoughts?
I'm using RoR + Authlogic-openid, if that matters.