It's a common practice for websites to send email verification links on sign up. Should these verification links expire? I know about a bunch of website where they do and I wonder why?
Answer
There isn't any major security reason behind them expiring. The main reason that this is done is to be able to clean up the database of old unused verification information.
From a UX side, some people argue that having a shorter verification time encourages people to verify sooner rather than later, but I haven't seen any evidence supporting that. It does however fit what I would expect in human behaviour.
No comments:
Post a Comment