Comment by wan23
4 years ago
Email addresses aren't really good for this. It's really easy to sign up for a service with someone else's email address, for example. Sure, if that person ever finds out they can potentially claim ownership of the account through a password reset, but it doesn't erase the fact that you have been using their "identity" for some time.
Is this still a thing though? Pretty much everything I've used in the past 10-15 years has required email validation before allowing you to do anything meaningful.
Either way though, I don't see how an account claiming to be "wan23" would be any more trustworthy to me as created off of the back of an email account or off of a wallet ID - I still have no idea (nor do I care) who you are.
It is still a thing. Hell, even AWS let someone create an account with my email address without validation. Stupid system kept spamming me to alert me that the instance of whatever they spun up was stopped because there was no money in the account.
> Email addresses aren't really good for this. It's really easy to sign up for a service with someone else's email address, for example. Sure, if that person ever finds out they can potentially claim ownership of the account through a password reset, but it doesn't erase the fact that you have been using their "identity" for some time.
This is also true of a private key, in fact it's literally the same scenario...
Presumably a service that allows you to register using a public key as a unique identifier would require you to sign something with the private key.
That's what email confirmation is for. Let's you confirm possession of the email account you enrolled with.