this post was submitted on 02 Nov 2024
33 points (85.1% liked)

memes

21 readers
13 users here now

share memes.

Meme:

Not memes:

founded 6 months ago
MODERATORS
 
top 5 comments
sorted by: hot top controversial new old
[–] Bytemeister 13 points 2 days ago* (last edited 2 days ago)

It's different because the site doesn't have a hash (or worse) a plaintext copy of your password to compare. If they get hacked or lose your data, your email password is not exposed.

So it is very different than just reusing your email password, and I hope I have changed your mind.

[–] [email protected] 6 points 2 days ago

It's functionally equivalent to the security of the account recovery process.

So it doesn't reuse the password, since the second site can't lose the password it doesn't have, but it sets the limit on the security of the login to that of the security of the email providers login.
Usually, that's actually an improvement, since the big email providers most people use tend to enforce reasonable minimums, have good security teams, and people tend to secure their emails better than random sites.

[–] [email protected] 4 points 2 days ago

it confirms the person trying to log in has access to the email. for example the guy remembering your password from watching you enter it, can't use it to log in later as he doesn't get the code.

still, there are better ways.

[–] Ansis100 1 points 2 days ago

My e-mail has 2FA tho

[–] TootSweet 1 points 2 days ago

I would rather more places require email verification.

(As lurch said, even aside from any security uses, it can be used to verify ownership of the email address.)

People fuck up when sharing their email address a lot. And it bugs me no end when I get subscribed to something because someone mistyped [email protected] when they meant [email protected]. (Not my real email address, obviously, but you get the idea.) I've had to unsubscribe from other people's spam more times than I'd like to have.