[Owasp-leaders] email verification
ali.khalfan at owasp.org
Thu Mar 16 20:47:44 UTC 2017
I'm interested in soliciting opinions regarding e-mail address
verification when users enroll in e-banking/e-learning/e-government
services. Should this always be a necessary step that a user should
verify that they own the e-mail ?
what would be the risk if the user's ownership of the e-mail is not
verified? I know this may sound like an obvious question, but I keep
seeing many critical services (such as e-banking) where users' ownership
of an email address is not verified.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the OWASP-Leaders