What good does it do to require the user to provide an email address, just so we send him/her one email to complete the registration process? It certainly won't protect against (D)DoS attacks, and I don't see how it increases security.
Asked
Active
Viewed 2,506 times
4
-
This question should be on Information Security or User Experience SE sites. – clickbait Aug 31 '16 at 12:19
2 Answers
9
The first thing that comes to my mind is that it allows them to actually confirm the account. Its a simple thing that double checks that the user actually signed up for the account and actually wants it. (See Scenario)
Scenario A:
I hate George so I am going to sign him up for all of these websites. That way he gets all this mail from them that he does not want.
Scenario B(Exaggerated)
Someone decides to register a billion accounts. With no confirmation your site now has a billion accounts that are never going to be used. Also if these are legit emails then a legit user could not register with them. (Again much more unlikely to happen)
sealz
- 5,348
- 5
- 40
- 70
3
A user's e-mail address is used to keep in contact with that user (read: spam their e-mail) and to allow the user to recover a password should they fail to remember it.
The confirmation e-mail confirms that the user is not for some reason attempting to register an account attached to an e-mail account not owned by them. If a user could register an e-mail without confirming, this could be used to harass another individual.
Sam DeHaan
- 10,246
- 2
- 40
- 48