Hacker News
by stephenr 2598 days ago
You have zero control over how their email is handled - and you're providing a way to log in, no questions asked, with just access to their email.

The usual "argument" about email resets is irrelevant - a password reset (a) doesn't have to be fully automated, (b) doesn't grant invisible access to an attacker, (c) should leave an obvious audit trail.