by gottam
3474 days ago
The problem that the article describes is that an incorrect email was entered at sign up, and the user gets invested in their account, all for it to get hijacked by the original email account owner down the road. Expiring an unconfirmed email solves this. There are still many other possible scenarios, but I think it generally does what the author wants in a not-so-annoying way.
From the article:
> What happened?
> Well, turns out that the person that actually owned the jon.smith@email.com was a kid that was curious and clicked the email from TheService asking him to verify his email address.
> He himself forgot about this until a couple of years later when he heard about TheWebsite from some friends, and decided to try it. He tried to create an account and got an “account already exists” error. He used the password reset functionality and that’s that. He now owns the original John Smith’s account.
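
One way the expiry idea from the comment above could look in code, as an added example that is not from the comment or the article. The class and function names, the 7-day window, and the rule that reset links go only to confirmed addresses are assumptions; it covers the case where the mistyped address is never confirmed within the window.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

CONFIRM_TTL = 7 * 24 * 3600  # assumed confirmation window, in seconds

@dataclass
class Account:
    username: str
    email: Optional[str]          # None once an unconfirmed address has expired
    confirmed: bool = False
    token: Optional[str] = None
    deadline: float = 0.0

class Accounts:                   # hypothetical in-memory account store
    def __init__(self):
        self.by_user = {}

    def _owner(self, email):
        return next((a for a in self.by_user.values() if a.email == email), None)

    def expire_unconfirmed(self, now):
        # Detach addresses never confirmed in time; the account itself survives.
        for a in self.by_user.values():
            if not a.confirmed and a.email and now > a.deadline:
                a.email, a.token = None, None

    def signup(self, username, email, now):
        self.expire_unconfirmed(now)
        if username in self.by_user or self._owner(email):
            raise ValueError("account already exists")
        acct = Account(username, email, token=secrets.token_urlsafe(32),
                       deadline=now + CONFIRM_TTL)
        self.by_user[username] = acct
        return acct.token         # would be e-mailed to the address

    def confirm(self, token, now):
        self.expire_unconfirmed(now)
        for a in self.by_user.values():
            if a.token and secrets.compare_digest(a.token, token):
                a.confirmed, a.token = True, None
                return True
        return False              # unknown or stale verification link

    def can_reset_password(self, email, now):
        # A reset link is only ever sent to a confirmed address.
        self.expire_unconfirmed(now)
        a = self._owner(email)
        return bool(a and a.confirmed)
```

An account whose address has been detached would need to be prompted for a new email at next login; that flow is outside this sketch.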