Hacker News new | ask | show | jobs
by easytiger 2344 days ago
> You don't need to confirm anything to change the email on your account! Not even click an email link!

Same with instagram. If you don't have 2fa on. I've had my account taken over and couldn't believe it. Utterly pathetic levels of security
1 comments
ubercow13 2343 days ago
You mean you can change the email without a password? Why would it be a problem if they require your password but nothing else in order to change your email?
link
easytiger 2342 days ago
I'm saying its a problem to change the email without using an email verification link to do so
link
croon 2342 days ago
What if you're changing email because you no longer have access to your old one?
link
easytiger 2341 days ago
What legitimate scenario would manifest that situation?

That is a by far and away a tiny, minuscule, edge case

link