by moviuro 1921 days ago
Sounds reasonable. However, the access to previous orders should be limited in time.

Email addresses, like snail mail addresses, do expire: what happens if the email address owner changes after the fact? Should you serve the recap and other snail mail addresses a long time after the deal is done and finished? Unless you have mandatory requirements (commercial law) to keep serving invoices/recaps, I'd recommend you seal those away when they aren't needed anymore (and protect them with a password).

Something "new" to consider is how Chrome[0], FFx and company now "suggest" strong passwords when registering on a website. Using the email-OTP might be more cumbersome than using your phone's or PC's built-in password manager.

Less data to protect = easier to deal with.

[0] https://support.google.com/chrome/answer/7570435?co=GENIE.Pl...

1 comment

Thanks for the insight about email addresses, I hadn't considered that. I know from personal experience that I usually get new addresses but rarely abandon old ones.

I wonder if providing the option to use a phone number OR an email address to receive the code would be a good fail-safe?

I'd be less inclined to give my phone number to a random shop on the Internet myself.

Regarding access to the old invoices, maybe ask for the zip code instead of a password? (My local post service does that to track a parcel, for example.)