I can't manage to find the time to finish writing the account management process of https://message.casa
It is not complicated, just registration with an invite code, and password change, but they must be secure processes.
I'd like to keep accounts anonymous, just a login and a password, without requiring an alternative email address. But this implies that it is not possible to get a link to reset the password.
Isn't it too dangerous to not have this possibility? If you lose your password, you definitively lose your account!
It's not a good idea to send the reset link to the message.casa address. If you want to reset your password, it could be because someone has stolen your device or your session.
Is there a good design pattern to reset a password without a "backup" alternative email address?
4 replies
@adele
Generate a security code to be saved when an account is created? It would be the user's responsibility to safeguard this code somewhere.
@adele maybe something like a backup code to display a link to change your password; you receive the code directly on the website during the registration process
@0ct0pu5 yes, good idea!
@adele I guess the only way to reset a password through e-mail would be with PGP, but people rarely use it nowadays.
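
The backup-code idea suggested in the replies above, sketched as an added example (not code from message.casa or from anyone in the thread): the code is shown once at registration, only its hash is stored, and a successful reset replaces it. The in-memory `ACCOUNTS` store, the function names and the PBKDF2 parameters are assumptions.

```python
import base64, hashlib, hmac, os, secrets

ACCOUNTS = {}  # login -> record; in-memory stand-in for the account database

def _normalize(code):
    # Users retype codes by hand: ignore dashes, spaces and letter case.
    return code.replace("-", "").replace(" ", "").upper()

def _code_hash(code):
    # The code carries 160 random bits, so a plain SHA-256 is enough;
    # only the hash is stored, never the code itself.
    return hashlib.sha256(_normalize(code).encode()).digest()

def _password_hash(password, salt):
    # Passwords are low entropy, so they get a slow, salted KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def new_recovery_code():
    raw = base64.b32encode(secrets.token_bytes(20)).decode()  # 32 characters
    return "-".join(raw[i:i + 4] for i in range(0, len(raw), 4))

def _set_credentials(login, password):
    salt, code = os.urandom(16), new_recovery_code()
    ACCOUNTS[login] = {"salt": salt, "pw": _password_hash(password, salt),
                       "recovery": _code_hash(code)}
    return code

def register(login, password):
    """Create the account and return the recovery code, shown once."""
    if login in ACCOUNTS:
        raise ValueError("login already taken")
    return _set_credentials(login, password)

def check_password(login, password):
    rec = ACCOUNTS.get(login)
    return rec is not None and hmac.compare_digest(
        rec["pw"], _password_hash(password, rec["salt"]))

def reset_password(login, code, new_password):
    """Return a fresh recovery code on success, None on any failure."""
    rec = ACCOUNTS.get(login)
    stored = rec["recovery"] if rec else bytes(32)  # same work for unknown logins
    if not hmac.compare_digest(stored, _code_hash(code)) or rec is None:
        return None
    # The used code is replaced (single use); a real service would also
    # revoke open sessions here and rate-limit failed attempts.
    return _set_credentials(login, new_password)
```
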