The community as a whole was pretty tight-knit so we didn't go that far down the security rabbit-hole. The initial proposal, though, only required a single backup and we did increase it to 3 to add a little more defense ;)

Presumably if only one "friend" defects and attempts to reset your account you will be notified by the other two friends sending you unrequested reset tokens out of the blue.

3 is kinda an arbitrary number, chosen to strike a balance between security and convenience. It was decided that getting 3 people to collude to erode the trust of the community was harder than intercepting an email so the solution was accepted as adding some additional amount of security.

Honestly a bigger flaw in this scheme is if one or more of your friends is no longer active or has forgotten their own password and cyclically is relying on you for backup. You can hedge against this a bit by adding more backups and requiring only some critical mass of tokens, but this does also increase the attack surface.
