Frying Pan Warrior
Still Going Strong
- Reaction score
- 578
So currently accounts have the ability to switch email just by confirming password. This allows an entire account to get sabotaged just by someone guessing the password.
The only reason someone would change their account email and be unable to verify the change using their previous email will be if they lost the previous email.
Solution:
Have the game send a confirmation email to the existing email valid for 5 days. If the email change request isn't rejected by clicking the "It wasn't me" link sent to the original email within 5 days, the old email is assumed lost and the email is changed to the new one anyways.
The only reason someone would change their account email and be unable to verify the change using their previous email will be if they lost the previous email.
Solution:
Have the game send a confirmation email to the existing email valid for 5 days. If the email change request isn't rejected by clicking the "It wasn't me" link sent to the original email within 5 days, the old email is assumed lost and the email is changed to the new one anyways.
