New ask Hacker News story: Ask HN: How do you deal with password resets when the user's email has changed?
4 by authquestions | 1 comment on Hacker News.
We've been running into this issue more frequently. Users create an account in our app with an email address and password. Eventually after some time, they forget their password. That's fine, they can put in their email address and get emailed a password reset link to set a new one. However, occasionally, they get a new email address and lose access to their original one, and then also forget their password. At this point, they're now stuck. They can't perform a password reset because they don't have access to the original email address associated with the account. What's the best practice for dealing with this situation? I know some sites ask a series of "security questions" that allow you to authenticate without access to the email address, but are there any other options? I don't really want to store everyone's mother's maiden name or the name of the street they grew up on. Is there a better way of dealing with this that doesn't leave users locked out because they forgot to update the email address in our system when they changed emails?