[Owasp-leaders] email verification

Ali Khalfan ali.khalfan at owasp.org
Thu Mar 16 20:47:44 UTC 2017


I'm interested in soliciting opinions regarding e-mail address
verification when users enroll in e-banking/e-learning/e-government
services.  Should this always be a necessary step that a user should
verify that they own the e-mail ?  


what would be the risk if the user's ownership of the e-mail is not
verified?   I know this may sound like an obvious question, but I keep
seeing many critical services (such as e-banking) where users' ownership
of an email address is not verified.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170316/1d7234cc/attachment.pgp>


More information about the OWASP-Leaders mailing list