I am creating a free to use website without restricted registration. Part of registration includes validating the email address entered by clicking a link we send to that address. The unique identifier for each account is their chosen username.
Should multiple user accounts (potentially the same person with multiple accounts) be allowed to exist with exactly matching email addresses?
Answer
No!
You can't send "forgotten password" links to a single account if you have the same e-mail address, unless the user specifies a unique username. But what happens if the user forgets the username as well? Then you need to reset password on all accounts associated with the e-mail address.
No comments:
Post a Comment