I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked.
Is this true? I was logging into a .gov website and noticed it does that.
I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked.
Is this true? I was logging into a .gov website and noticed it does that.
User registration will still need to check if the email is the user id (which I loathe).
Not necessarily. If it’s implemented well, the frontend will just show a “success” message, but the email sent will be different. This way, the owner of the account will know if they already have an account, or if it wasn’t them, that someone else tried to use their email. Meanwhile the bad actor won’t know anything new.