Compared to login or password reset, you rarely see the email-validate-before-register flow, especially for mobile apps etc. That makes it pretty hard to make the case that this needs to be actioned from a security perspective when even the big companies are not following it either.
I was having a chat about this with a UX guy. His argument for using a similar flow was that the username/email will have to be validated at the point of registration anyway, so you might as well make it easier for the user when the email is wrong. I couldn’t really refute this logic.
If you throttle both login and registration, then surely the risk is minimised while keeping the user happy?


Just to clarify, do you mean to have the email/validate stage as part of the flow to access the app, or to let them continue with just the email with limited functionality?