by thaumaturgy 2898 days ago
It is quite inconvenient, given the various and myriad issues with guaranteeing email deliverability. Multiple hosting providers use greylisting or something like it, which can delay email by minutes to hours, depending on the behavior of the sending mail server. Almost all hosting providers use one or more layers of spam filtration, which can incorrectly trap or dispose of your message. Many users have additional mailbox rules set up which may accidentally match your message and route it to an unexpected folder. Relatively small mistakes with things like SPF can further complicate deliverability. You may also use some popular mail delivery service or another, which means that when that service has a bad customer that annoys enough other system administrators, the entire service gets blackballed, your messages along with it. (Hi, SendGrid.)

DigitalOcean's two-factor authentication used email, and email only, which several times caused us some headaches when there was an urgent issue and our person-in-charge couldn't access the account.

I've had a system administrator role for multiple companies over almost 15 years now. I've yet to see a perfectly reliable email system.

Doing password resets over email is one thing (though I think SMS is still better). At that point, the individual no longer has access to their account anyway, and you're dealing with a much smaller number of impacted users. It's much worse to throw up your hands and say, "I don't want to deal with passwords, let's use email", especially now that there are so many good password-handling libraries for so many different development environments and numerous articles on proper password handling.


Can you expand on your preference for SMS password resets to email password resets? As a user I prefer email, but I'm biased by the fact that I used email for a decade before I had SMS and I've had a malicious actor gain control of my phone number and receive SMS on it but never had the same with email.
Sure, it's basically just down to those problems with email deliverability. As you correctly point out, SMS isn't a perfectly secure solution either; however, I almost always receive an SMS for authentication within a few seconds to a minute, and only in a few cases have never received the message at all.

If text messages were abused to the degree that email is, and all kinds of different things were developed to try to "solve" that abuse (as has happened with email), then deliverability would suffer and it would be a coin toss for which approach to use.

Would you please elaborate on how someone took over your phone and SMS? This is my nightmare...