← Back to context

Comment by charcircuit

6 months ago

How do you send a password reset email with this. Eventually your mail server will need the plaintext address in order to send the email. And that point can be leaked in a data breach.

It's idealistic to think this could solve data braches because businesses knowing who their customers are is such a fundamental concept.

3 comments

charcircuit

Reply
johnisgood  6 months ago

A password reset e-mail is supposed to expire pretty quickly though, so would it really matter in practice?

  • charcircuit  6 months ago

    The email must be able to be used at any time which means that and attacker may be able to also "use" them.