[_8j50]

You have nothing to apologize for and you're doing great.

I didn't need a valid email to signup for HN,Reddit or even matrix.org in its infancy. That's where I'm coming from. There are better anti-fraud measures and it should be up to the user if they want a way to reset their account. Ideally, you'll have 2FA and the non-email 2FA recovery will also reset the password (such as one time codes you write down, or prove multiple external identity control such as a phone number and creditcard, or ID photo and phone number).

But as I admitted, I shat on your work because I ran into this pet-peeve. So, it is I who should apologize (and I do apologize).