Being able to update or rotate email addresses is a security matter, so I’d rather have that control than not.
For example, someone mentioned that if a bad actor had access to your email, they would be able to access all your accounts.
But I would argue that if your email address was compromised, and you needed to change the login email for important accounts as a counter-measure, this wouldn’t be an easy option. So this bad actor would have more control over your accounts (i.e. resetting passwords) than the user.
I don’t mind implementing strong security, as it’s often done when setting up an account for the first time, getting 2fa enabled, etc. But updating an email shouldn’t be this difficult. My banks allow me to do it, but our local sporting good store doesn’t? Come on! 😂
I’m not going to go down the route of arguing whether or not the bank should allow it to be easy to change your email address, but if somebody has compromised your email with the intention of compromising your other accounts, they are going to change the email addresses and passwords on those accounts before you have a chance to react, and you’re going to be on the phone with each one of those institutions anyway. You don’t hear a lot of this happening anyway, because it’s usually a lot safer to con somebody out of their money than it is to smash and grab out of their accounts, and probably as easy if not easier.
As for the sporting goods store, I can imagine a couple of reasons for their decision, but it probably has as much to do with spamming your email as it does security, if it has anything to do with security at all.
I don’t know your specifics, but implementing adequate security and being mildly infuriating often go hand in hand by necessity.
deleted by creator
Being able to update or rotate email addresses is a security matter, so I’d rather have that control than not.
For example, someone mentioned that if a bad actor had access to your email, they would be able to access all your accounts.
But I would argue that if your email address was compromised, and you needed to change the login email for important accounts as a counter-measure, this wouldn’t be an easy option. So this bad actor would have more control over your accounts (i.e. resetting passwords) than the user.
I don’t mind implementing strong security, as it’s often done when setting up an account for the first time, getting 2fa enabled, etc. But updating an email shouldn’t be this difficult. My banks allow me to do it, but our local sporting good store doesn’t? Come on! 😂
I’m not going to go down the route of arguing whether or not the bank should allow it to be easy to change your email address, but if somebody has compromised your email with the intention of compromising your other accounts, they are going to change the email addresses and passwords on those accounts before you have a chance to react, and you’re going to be on the phone with each one of those institutions anyway. You don’t hear a lot of this happening anyway, because it’s usually a lot safer to con somebody out of their money than it is to smash and grab out of their accounts, and probably as easy if not easier.
As for the sporting goods store, I can imagine a couple of reasons for their decision, but it probably has as much to do with spamming your email as it does security, if it has anything to do with security at all.