Your email is often the only method used/available to recover an account you’ve lost access to. Changing it requires absolute certainty that it is the account owner making the change.
It’s frustrating, but a necessary evil imo.
At least changing it is an option; many places build their account systems around your email being immutable. If you want to change it, you’ve gotta make a new account and request anything you can’t manually move be moved over for you.
> Your email is often the only method used/available to recover an account you’ve lost access to.
Unfortunately, this is a weak security practice that really is used everywhere.
2fa helps mitigate the risk. An alternative email or even (cringe) a phone authentication is better than email recovery.
> Changing it requires absolute certainty that it is the account owner making the change.
While that sounds good, it’s really not reality. An angry spouse, who would have access to their partner’s email address through a shared computer (for example), could easily wreak havoc by using this exploit.
But if that partner used random email addresses and strong 2fa, there’s almost no risk.
There’s unfortunately a fine line between too-easy access to someone’s accounts, and losing all your account if you forget the login details. I’m willing to take the latter option, because it’s less convenient for me (if that ever happens), but far better than if your data got into someone else’s hands.
Getting back to my OP… the vast majority of these accounts are not important enough for me to even worry about account security, so not being able to change the email address is just a poor user experience. My bank was by far the easiest to change emails on! LOL
Aka: “we outsourced development, and they determined it was easiest to make your email address a primary key in the database”
This we can agree on.