The default application and starter packs use the email of the user as a username for authentication. If an account is stolen/hijacked/breached, the attacker can easily change the account email with a few clicks.
Most websites require a confirmation when the email address is changed to safeguard against this and implement an additional layer of user account security.
I have created a composer package for this purpose, but do you think having this on the application level is reasonable?