Change Email

Because the user's email address is the authority for ownership, we need to be
very thoughtful about how we manage that ownership. Users do occasionally change
their primary email address, and we need to be able to handle that in as
user-friendly a way as possible without compromising security.

You could just have a simple field in preferences, let the user change their
address to whatever, whenever. But then you'd definitely have issues with people
impersonating other folks. And even well-meaning users could typo the address
and get locked out. You need to add verification.

But what do you verify? Do you verify the old email address? Or the new one?
Well, to avoid the impersonation issue, you'd definitely want to verify the new
one before you complete the change. But do you also verify the old one to
avoid an adversary changing a user's account email address without their
knowledge? What if the user no longer has access to the old address because they
were laid off from the company or something? Now they're talking to our support
people. No thanks.

So instead, we can send a verification to the new address, and once verified, we
can change the email address, and simply notify the old address that the change
has been made. If the user didn't initiate the change, they can contact us and
we can revert the change.

Another approach to this is to allow multiple email addresses per user, and
allow the user to designate one as primary. Then you can verify the new address
before making it primary, and the user can always revert to the old address if
they need to. This is a bit more complex to implement and a little more work for
the user as well, but it's a good option for some cases.

For our app, we're going to keep it simple and just force a verification of the
new email address and then inform the old address with enough information for
them to give to our support folks if they didn't initiate the change.