> If email is compromised, so is the password reset mechanism.
If we didn't have online password resets then we wouldn't have to worry about the e-mail account being the weak-point.
I would argue that no service that offers an online password reset mechanism deserves it.
If I mess-up my bank login, I have to go to a branch to initiate the re-authentication process. Password in the post in secure-mail envelopes, things like that.
If I screw-up my Amazon login - well, that should really be too bad, end of story. Just create a new account. There's too much risk in having an online reset mechanism that could enable someone else to use my cards for purchases.
If we didn't have online password resets then we wouldn't have to worry about the e-mail account being the weak-point. I would argue that no service that offers an online password reset mechanism deserves it.
If I mess-up my bank login, I have to go to a branch to initiate the re-authentication process. Password in the post in secure-mail envelopes, things like that.
If I screw-up my Amazon login - well, that should really be too bad, end of story. Just create a new account. There's too much risk in having an online reset mechanism that could enable someone else to use my cards for purchases.