Is this new, or have online accounts never offered the ability to update your email address easily?

  • @[email protected]OP
    link
    fedilink
    English
    29 months ago

    Your email is often the only method used/available to recover an account you’ve lost access too.

    Unfortunately, this is a weak security practice that really is used everywhere.

    2fa helps mitigate the risk. An alternative email or even (cringe) a phone authentication is better than email recovery.

    Changing it requires absolute certainty that it is the account owner making the change.

    While that sounds good, it’s really not reality. An angry spouse, who would have access to their partner’s email address through a shared computer (for example), could easily wreak havoc by using this exploit.

    But if that partner used random email addresses and strong 2fa, there’s almost no risk.

    There’s unfortunately a fine line between too-easy access to someone’s accounts, and losing all your account if you forget the login details. I’m willing to take the latter option, because it’s less convenient for me (if that ever happens), but far better than if your data got into someone else’s hands.

    Getting back to my OP… the vast majority of these accounts are not important enough for me to even worry about account security, so not being able to change the email address is just a poor user experience. My bank was by far the easiest to change emails on! LOL

    • @bahbah23
      link
      English
      29 months ago

      Unfortunately, this is a weak security practice that really is used everywhere.

      This we can agree on.