Is this new, or have online accounts never offered the ability to update your email address easily?

  • Darkassassin07
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    2
    ·
    10 months ago

    Your email is often the only method used/available to recover an account you’ve lost access too. Changing it requires absolute certainty that it is the account owner making the change.

    It’s frustrating, but a necessary evil imo.

    At least changing it is an option; many places build their account systems around your email being immutable. If you want to change it, you’ve gotta make a new account and request anything you can’t manually move be moved over for you.

    • ArtVandelay@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      10 months ago

      At least changing it is an option; many places build their account systems around your email being immutable.

      Aka: “we outsourced development, and they determined it was easiest to make your email address a primary key in the database”

    • Showroom7561OP
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Your email is often the only method used/available to recover an account you’ve lost access too.

      Unfortunately, this is a weak security practice that really is used everywhere.

      2fa helps mitigate the risk. An alternative email or even (cringe) a phone authentication is better than email recovery.

      Changing it requires absolute certainty that it is the account owner making the change.

      While that sounds good, it’s really not reality. An angry spouse, who would have access to their partner’s email address through a shared computer (for example), could easily wreak havoc by using this exploit.

      But if that partner used random email addresses and strong 2fa, there’s almost no risk.

      There’s unfortunately a fine line between too-easy access to someone’s accounts, and losing all your account if you forget the login details. I’m willing to take the latter option, because it’s less convenient for me (if that ever happens), but far better than if your data got into someone else’s hands.

      Getting back to my OP… the vast majority of these accounts are not important enough for me to even worry about account security, so not being able to change the email address is just a poor user experience. My bank was by far the easiest to change emails on! LOL

      • bahbah23@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Unfortunately, this is a weak security practice that really is used everywhere.

        This we can agree on.