Hasi Posted November 28, 2017 Share Posted November 28, 2017 What do you find is the most secure way to handle a user's change of email? I was thinking about this for a while and I just wondered how others are handling it. Method 1: User changes email address, re-enters their password. Done. Verification is sent to the new address. Method 2: User changes email address, re-enters their password. Verification is sent to the new address and old address; "Your password has recently been changed. If this was not you, click here to revert to your old password." Method 3: User changes email address, re-enters their password, a verification code is sent to the new email address and the user must confirm within X days/hours. User can also cancel the request if they entered it incorrectly. Anyway, how are you handling/ planning to handle change of email? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.