Make "change e-mail option" require confirmation

by **replikant8** » Sun Nov 19, 2017 10:22 pm

I can't believe you can just change account's e-mail without confirmation on the currently assigned e-mail. You just need to confirm the change on a new one. It's kind of weird to be honest.

by **Granger** » Sun Nov 19, 2017 10:47 pm

Which is completely within reason as you might no longer have access to the old account.

by **juniormayrinck** » Mon Nov 20, 2017 6:13 am

Granger wrote:Which is completely within reason as you might no longer have access to the old account.

Just like someone else might be changing your email to take over your account. Get a safeword system or something.

by **Granger** » Mon Nov 20, 2017 8:08 am

juniormayrinck wrote:Get a safeword system or something.

Which exists: the password that you are asked for when logging in.

by **shubla** » Mon Nov 20, 2017 10:57 am

One could say that security of HnH is insufficient.

Not having a confirmation email about changing of email to a new email is weird.

by **Fierce_Deity** » Mon Nov 20, 2017 5:00 pm

Yeah...the security is a bit on the low side. Sorry Granger but that reason is terrible to keep a confirmation system away. I could potentially see needing to wait out a week long timer to change an email in the case that you don't have access to that email account and can't click the confirmation link/code to instantly change it. Each day another email would be sent as a heads up to the registered email. That is the only way I could see that working.

by **NOOBY93** » Mon Nov 20, 2017 5:04 pm

the existence of emails is nigh useless in this system (right now) but god damn if you don't want your account stolen just don't share your password haha

but I do believe email systems where they check the current email if you wanna change it or change password are better - these allow for account sharing while preventing account theft

by **maze** » Mon Nov 20, 2017 6:07 pm

Man there so many peoples accounts+passwords I know....I could steal them all :O

by **Granger** » Mon Nov 20, 2017 7:30 pm

The associated mail account is for when you forgot your password, the confirmation to the new mail account is to make sure that you actually have control over that account (to prevent typos).

Should you not want someone to change the associated mail address on your account: don't give them access in the first place.

PS: this exact discussion happened already a while back, see this for at word from the powers that be.

by **dafels** » Mon Nov 20, 2017 7:39 pm

maze wrote:Man there so many peoples accounts+passwords I know....I could steal them all :O

same hahahha

Make "change e-mail option" require confirmation

Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Re: Make "change e-mail option" require confirmation

Who is online