|Keep It Simple, Stupid|
Re^2: Email security for monks?by tye (Sage)
|on Oct 04, 2004 at 03:35 UTC||Need Help??|
The proposal was to not allow you to change your e-mail address unless you can enter your old (current) e-mail correctly; making your e-mail address a bit like a second password.
A problem with this is that it needs to address the unlikely situation of someone not remembering what their old e-mail address was. Or, more likely, when someone enters their e-mail address incorrectly and doesn't notice and so can never change their e-mail address again.
This is the same reason why I haven't made it so you have to enter your old password in order to change your password.
Perhaps you should be required to enter at least two of your password, e-mail address, and "real name" in order to be able to change (or see) any of them?
And it'd be nice if we had a solution for the "I forgot my password and I no longer have that e-mail address" problem.
At least we no longer output the password in the HTML when you edit your home node.