|
|
|
|
|
|
by MichaelCollins
1298 days ago
|
|
|
Twitter or discord, why do these require me to confirm an email or phone number when reddit doesn't? Why do shop websites like Etsy require me to confirm my email address before I even decide to purchase or sell anything? If you're worried about credit card fraud, confirm my identity when I give you my payment info, not when I'm merely registering an account. |
|
|
Account registration is the perfect time to do email verification, if the business is going to do it. The user already is in that "mindset"... and clicking a link is really not very difficult. Everyone in that flow understands what is going on.
Sites like Etsy probably have a significant fraud problem... and as previously discussed verifying email addresses goes a very long way towards minimizing risk.
Companies like Twitter and Discord likely require verification for the same reasons - fraud/abuse. I am aware Twitter has had a history of abusing that data, but the initial reason for verification remains the same.
I'm actually surprised more websites don't require verification. It's easy to do, and the benefits are very obvious. Most users aren't bothered by it either...
Smaller ecommerce sites still keep the Guest Checkout flow available because they would rather not impede checkout for any reason - although that means they take on additional risk. Major ecommerce sites require accounts (think Amazon, Newegg, Etsy, Walmart, Zappos, Chewy) and some do require verification. At their scale, fraud and abuse become very difficult problems that require a lot of time/resources.
OAuth/Social Login has removed some of the need to verify email addresses at the business level. This is because a trusted 3rd party Identity Provider has already done that for you, and most OIDC IDP's already provide an "email_verified" flag of sorts. Depending on your trust level (connecting to Google's IDP vs. random IDP), you can just use this data and assume it's been verified, removing that step for the customer.