|
|
|
|
|
|
by username223
4119 days ago
|
|
|
Right, but an expiring, single-use link that will send a second email saying "someone from X place just logged in, so contact us if this wasn't you" is still good enough in most cases. To see that, ask which sites will send you a password reset mail when you forget your password. My bank certainly won't -- I have to talk to a person -- but most others do, making their passwords useless. |
|
|