Mastodon Feed
adele@social.pollux.casa ("Adële 🐁") wrote:
I don't manage to get time to end writing the account management process of https://message.casa
It is not complicated, just registration with an invite code, and password change, but they must be secured processes.
I'd like to keep accounts anonymous, just a login and a password, without requiring an alternative email address. But this implies that it is not possible to get a link to reset the password.
Isn't it too dangerous to not have this possibility? If you lose your password, you definitively lose your account!It's not a good idea to send the reset link to the message.casa address. If you want to reset your password, it could be because someone has stollen your device or your session.
Is there a good design pattern to reset a password without a "backup" alternative email address?