undefined | Better HN

0 pointsklyrs2y ago0 comments

Every place I've used that, email addresses are not publicly visible. To compromise that, they'd need to guess the very long random email address and its very long random password.

0 comments

dredmorbius2y ago

I've seen instances where the password recovery workflow indicates the email address to which a reset request has been sent, or other mechanisms by which addresses may be revealed.

That's far less frequent now, and definitely not best practice.

However there may also be bugs and data breaches which reveal such information.

j / k navigate · click thread line to collapse

0 pointsklyrs2y ago0 comments

Every place I've used that, email addresses are not publicly visible. To compromise that, they'd need to guess the very long random email address and its very long random password.

0 comments

dredmorbius2y ago

I've seen instances where the password recovery workflow indicates the email address to which a reset request has been sent, or other mechanisms by which addresses may be revealed.

That's far less frequent now, and definitely not best practice.

However there may also be bugs and data breaches which reveal such information.

j / k navigate · click thread line to collapse