You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've noticed that you can use the magic code even on non-verified email addresses. Is this intentional? Is this secure? It might well be considered secure, but I thought it was worth a discussion.
Cheers
The text was updated successfully, but these errors were encountered:
violuke
changed the title
Login by code ("Magic code login") #3725
Login by code ("Magic code login") and unverified email addresses
May 28, 2024
An email address can be considered verified if you have demonstrated the ability to read emails sent to it. Clearly, if you can read login codes sent to the email address, that implies ownership of the address... so I really don't see an issue here.
If anything, things need to be changed so that an unverified email automatically gets verified when logging in by code.
Thanks for the incredible feature in #3725 🙏
I've noticed that you can use the magic code even on non-verified email addresses. Is this intentional? Is this secure? It might well be considered secure, but I thought it was worth a discussion.
Cheers
The text was updated successfully, but these errors were encountered: