Hi folks! Just wondering ... Is there something fundamentally wrong / insecure with providing a email with a login link in contrast to a change my password form?
I think of the classical "I have forgotten my password". I now create a form and after entering the email address I send an email with a secure link. This link I use for logging in directly. If the user wants to set a password (at all) she can do so from the inside of the app. Nobody (no big web service) does that ... It makes things easier for the one time users who just don't care about the password. And providing a form to change my password leads to the same thing... If somebody wants to nag a user, he could do so with all 2-factor mailing strategies. And I think I have the same vulnerability against ddos-ing. Warm regards from sunny Vienna, Stefan -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/hobousers. For more options, visit https://groups.google.com/d/optout.
