I have seen this on other apps, when you use the wrong email to log in to your account and go to “forgot password” and then sit there and wait for the recovery email that’s not coming. It’s not a big issue, but it is annoying and confusing.
Is it possible to have a “email not associated with user account” message to appear when someone uses the wrong email in the “forgot password” feature?
Thanks,
From a security perspective, this is not a good idea and should absolutely not be implemented.
This gives bad actors the ability to determine what email addresses are associated with user accounts, and which are not.
Google, Amazon, Facebook, Reddit, your bank will not tell you if an email address exists in their system (or doesn’t).
Your “send log in link” functionality already provides intel regarding valid email addresses. This should be removed.
Jeremy