Securing email addresses and resetting passwords

In the past week, I have received 3 password reset emails from Discord with a link for me to click on to reset my password.

But I have never joined Discord, so after the 3rd attempt by some desperate gamer, I wrote to Support, who were very helpful, and have disabled the account, whilst waiting for the gamer to realise that it is not their email address..

I have had similar reset emails from a number of websites recently, so it seems that this is not just a typo.

I do not know how that email address was confirmed, it is not one I use often, but I cannot find any confirmation email in my mailbox. I know that Paypal will accept an email address containing a period or a dash as a separate account from one without, (which gmail will not) as I have a dopperganger on paypal, whose messages I continue to receive after several years of complaining. So perhaps that is how the account was set up using my email address, which I have had for many years.

Using a different email address, I set up this new profile and was asked to confirm via clicking on a link that it was my email address.

I suggest that a special note be added to the 'forgot password' page, asking the user to be sure that the email address is correct, and after the 3rd attempt, Support should probably step in. Havint said that, I realise that if this user using my email address was somehow allowed to register, then that wouldn't work.

I frequently receive mail addressed to some of my other email accounts, often private messages, and it is clear that many people forget what their own email address is, or which one they are using where.

Not sure how to solve this, people are reminded over and over about password security, but never reminded to keep a note of what email address they use.

Thanks to Support, it is unusual to receive such rapid and helpful feedback, none of the other sites I wrote to paid any attention to the problem.

Comments