Confirm
1,136
edits
Changes
→Other Requirements
We'll need to look at this from a security POV and make sure an attacker can't squat on email addresses. We may need a way to expire the password/verification email for un-verified accounts.
Flows should handle the case where the user mis-types their password or forgets it by the time they verify their address.
Flows should handle a malicious user claiming an email address, using it on several sites that support unverified, and then the actual owner attempting to claim and verify their email address for the first time.
