Yeah I totally agree that the whole ordeal is unnecessarily complex and confusing. The number of websites that have started mandating 2FA despite having complex, unique passwords that have never been shared annoys me regularly. It’s frustrating that because other people can’t figure out how to use a password manager, we can’t have nice things.
My guess is that there is a certain number of account actions you’re allowed to take (changing password, email, etc) before they force you into a cool down period where you can’t delete your account for like a week. Maybe not, but this is one approach I’ve seen before.
As for the video call, I totally see your train of thought. This is gonna sound dumb, but consider that nobody at LI knows you, so a video call is of limited value, especially in this world of ai models that can apply filters to video in real time. I’m not saying this is their rationale, but it could be part of it.
I’m gonna nerd out here for a second but hopefully you’ll humor me. Authentication is tricky, especially if you want more than one factor for 2FA/MFA. The factors are often explained as something you know (password), something you have (perhaps a yubikey, in this case a state issued ID), or something you are (biometrics). The biggest issue as I understand it is that people reuse the same password over and over, so if your LI password were compromised then it isn’t too big of a leap to assume that your email was also compromised, meaning that any form of authentication relying on email cannot be trusted.
If LI has a policy that any account deletion actions attempted within a month of changing the primary email require the account to have at least 2 factors, that would trigger the request for your ID, because they’re assuming that a threat actor is controlling all of the relevant accounts and they are no longer useful for authentication. State issued ID is one of the best ways to authenticate because when your state provides the ID, they are providing a level of guarantee that the information is both true and being provided without modifications (authentic).
Having said all of that, could you not photoshop a state ID and provide that? Some in the comments have suggested that as an option. If I were designing the program then this third party, Persona, would have relationships with issuers of state ids and could do some level of validation that the ID being uploaded is authentic.
I realize none of this solves your problem, but sometimes I feel better about “stupid” policies if I can work backwards and understand how they came to be in the first place and what they’re meant to accomplish. My advice is to wait a week or 3 and try to delete again, but obviously that is still no guarantee. Good luck!
I loose my mind with this kind of thing too. Do these people have a screw lose? What kind of rational would a rationale person use to decide to just use similar looking words with different meanings?
It was almost painful to write that out actually, but don’t worry I’ll add it to the list of things to review in therapy 😂