moderated Re: Changing email address security issue #misc


On Thu, Feb 4, 2021 at 03:50 AM, Robert Oshel wrote:
Wouldn't having the system send an email sent to the original address (the one being changed) requiring a confirmation that the change to the new address is legitimate before the change goes into effect solve the problem?
I think it may (although my gut tells me that unforeseen problems could still ensue). As others in this thread have pointed out, and with which I strongly agree, requests by members for help making changes to their accounts, such as their very identity (email address) in the system, should go to if the member themselves can't navigate the change, and not to an individual group owner. Just as today Mark posts about an unforeseen problem, I would bet there will be others, even with this suggested confirmation/notification, due to the entity making the change (group owner) being at the wrong level.

I think the problem is not that these users having trouble changing their email addresses are technically challenged, or too old, or however others here have described them. The problem is that the system has not made it easy enough for them to do. Why not fix that real problem instead of going through contortions to put bandaids on it?

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

Join to automatically receive all group messages.