> Most of these services tie back to an account (most with an actual email address).
Indeed, that design helps address the problem. But it also has implications for signup flow as you now need an email — which is why I'm advocating that engineers "consider" the issue.
> These are the types of threats engineers _love_ wasting time analyzing.
Indeed, that design helps address the problem. But it also has implications for signup flow as you now need an email — which is why I'm advocating that engineers "consider" the issue.
> These are the types of threats engineers _love_ wasting time analyzing.
Sheesh, where's that hostility coming from?