
> you have to guard the domain very closely

I'm intrigued by this, would you kindly share more on this!?!



It means if you slip up and lose your domain, nobody can send you email (including 2FA, reset password, add a new email to your account, etc). You can imagine how inconvenient that would be. I use Fastmail with a custom domain and that scenario gives me nightmares.


Mostly off-topic, but related: this is one of the major reasons email needs to finally go away. It was never intended to be the backbone of people's lives in the way it has become.

Access to my email account probably gives you more access to my life and identity than my SSN [0].

I long for the day that we [1] all get assigned a public/private keypair instead of SSNs. That won't fix everything, but it's a huge step above a shared secret that is limited to 9 digits [2].

[0]: Even without signing up for a bunch of services, it's basically impossible at this point (at least in the US) to not have an email address associated with your bank account, car loan, mortgage, credit card, or even just watching TV.

[1]: "We" meaning "US citizens" or anyone else with a similar system.

[2]: I realize you also need info about the person and not just their number, but also apply that to keypairs.


> I long for the day that we [1] all get assigned a public/private keypair instead of SSNs.

What is the remedy for when someone loses or leaks their keypair?


Have the organization responsible for managing the PKI generate a new subkey from your primary key (kept in cold storage) and publish a certificate revocation for the previous subkey lost/leaked.

Most of our ID cards (health, driving license) already have an expiration date and the subkeys should have one anyway.


No reason you can't have more than one, either. You could even issue keys for people to act on your behalf (e.g. they get access to it on your death as part of your will).


Report in person to an issuing authority for biometric authentication. Have them issue a new one and blacklist the old public key.


Any number of things that are better than what currently happens when an SSN is leaked.



