Being able to update or rotate email addresses is a security matter, so I’d rather have that control than not.
For example, someone mentioned that if a bad actor had access to your email, they would be able to access all your accounts.
But I would argue that if your email address was compromised, and you needed to change the login email for important accounts as a counter-measure, this wouldn’t be an easy option. So this bad actor would have more control over your accounts (i.e. resetting passwords) than the user.
I don’t mind implementing strong security, as it’s often done when setting up an account for the first time, getting 2fa enabled, etc. But updating an email shouldn’t be this difficult. My banks allow me to do it, but our local sporting good store doesn’t? Come on! 😂
I’m not going to go down the route of arguing whether or not the bank should allow it to be easy to change your email address, but if somebody has compromised your email with the intention of compromising your other accounts, they are going to change the email addresses and passwords on those accounts before you have a chance to react, and you’re going to be on the phone with each one of those institutions anyway. You don’t hear a lot of this happening anyway, because it’s usually a lot safer to con somebody out of their money than it is to smash and grab out of their accounts, and probably as easy if not easier.
As for the sporting goods store, I can imagine a couple of reasons for their decision, but it probably has as much to do with spamming your email as it does security, if it has anything to do with security at all.
but if somebody has compromised your email with the intention of compromising your other accounts, they are going to change the email addresses and passwords on those accounts before you have a chance to react
Well, I’m only doing to disagree because it’s impossible to log into my important accounts without being notified by texted and/or being asked for a 2fa authentication.
The way I see it, changing an email address doesn’t really do any damage, only causes inconvenience.
I’d be more worried about changing a shipping address and using a saved credit card to make real purchases. That’s what companies should protect against, but I’ve never had to prove my residence to any of them.
As for the sporting goods store, I can imagine a couple of reasons for their decision, but it probably has as much to do with spamming your email as it does security, if it has anything to do with security at all.
They’re actually pretty good with NOT spamming, but I did email their customer service to ask how I can change my email address, and they asked that I call.
I don’t know your specifics, but implementing adequate security and being mildly infuriating often go hand in hand by necessity.
deleted by creator
Being able to update or rotate email addresses is a security matter, so I’d rather have that control than not.
For example, someone mentioned that if a bad actor had access to your email, they would be able to access all your accounts.
But I would argue that if your email address was compromised, and you needed to change the login email for important accounts as a counter-measure, this wouldn’t be an easy option. So this bad actor would have more control over your accounts (i.e. resetting passwords) than the user.
I don’t mind implementing strong security, as it’s often done when setting up an account for the first time, getting 2fa enabled, etc. But updating an email shouldn’t be this difficult. My banks allow me to do it, but our local sporting good store doesn’t? Come on! 😂
I’m not going to go down the route of arguing whether or not the bank should allow it to be easy to change your email address, but if somebody has compromised your email with the intention of compromising your other accounts, they are going to change the email addresses and passwords on those accounts before you have a chance to react, and you’re going to be on the phone with each one of those institutions anyway. You don’t hear a lot of this happening anyway, because it’s usually a lot safer to con somebody out of their money than it is to smash and grab out of their accounts, and probably as easy if not easier.
As for the sporting goods store, I can imagine a couple of reasons for their decision, but it probably has as much to do with spamming your email as it does security, if it has anything to do with security at all.
Well, I’m only doing to disagree because it’s impossible to log into my important accounts without being notified by texted and/or being asked for a 2fa authentication.
The way I see it, changing an email address doesn’t really do any damage, only causes inconvenience.
I’d be more worried about changing a shipping address and using a saved credit card to make real purchases. That’s what companies should protect against, but I’ve never had to prove my residence to any of them.
They’re actually pretty good with NOT spamming, but I did email their customer service to ask how I can change my email address, and they asked that I call.