by tdudhhu 819 days ago
Why? You can rate limit the business logic but still show the user the default flow.

For example: if a user is requesting a reset password link 10 times a minute, you can just send the link one time but display every time that a reset link was sent by email.

1 comments
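An added sketch of the throttling the comment above describes (not code from the thread): the handler sends at most one reset email per address per window but returns the same reply on every request. The class name, the 60-second window, and the in-memory store are assumptions for illustration.

```python
import time

RESET_WINDOW_SECONDS = 60  # assumed window; the comment only says "10 times a minute"
GENERIC_REPLY = "A reset link was sent by email."


class ResetRequestHandler:
    """Hypothetical handler: throttles the send, never the visible response."""

    def __init__(self, send_email, clock=time.monotonic):
        self._send_email = send_email   # callable that actually delivers the mail
        self._clock = clock             # injectable so the demo can control time
        self._last_sent = {}            # normalized address -> time of last real send
        # Assumption: a real deployment would keep this in a shared store with expiry.

    def request_reset(self, email):
        key = email.strip().lower()     # treat case/whitespace variants as one address
        now = self._clock()
        last = self._last_sent.get(key)
        if last is None or now - last >= RESET_WINDOW_SECONDS:
            self._last_sent[key] = now
            self._send_email(key)       # real side effect happens once per window
        # Identical reply whether or not mail went out, so the caller
        # cannot tell that the request was suppressed.
        return GENERIC_REPLY


def demo():
    """Constructed scenario: 10 requests in under a minute, then one after the window."""
    sent = []
    fake_now = [0.0]
    handler = ResetRequestHandler(sent.append, clock=lambda: fake_now[0])
    replies = []
    for i in range(10):
        fake_now[0] = i * 6.0           # requests at t = 0, 6, ..., 54 seconds
        replies.append(handler.request_reset("User@example.com"))
    fake_now[0] = 61.0                  # window has elapsed since the first send
    replies.append(handler.request_reset("user@example.com"))
    return sent, replies


if __name__ == "__main__":
    sent, replies = demo()
    print(f"{len(replies)} requests, {len(sent)} emails sent")
```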

This flow is a bit different from a password reset email, it's a notification with a direct call to action, allow or deny.

You can't debounce them like you can with a reset password email flow.

With a typical password reset email, the actual password resetting is done by the user after they click the link in the email, only someone with access to the email can proceed, and they can only proceed on the same device that they clicked the email link.

In this flow, there is no further on-device interaction.