jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.

Of course, the real gem is always in the replies. I support this, and don't support the main idea.

Thanks,
You are right, both mail should be signaled to acknowledge or to cancel.
I had such a problem afeter a type on the email address. After a week, the change since unconfirmed was cancelled…
(One trick I've seen is to create an email address that match the typo… Anyway, strangely it never received any mail…)

No support. It will just increase my work.

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.

While this could work in theory, what if the account deleter queued up a bunch of accounts/ one account waited a week, then deleted the account? I think that making it check someone's computer ip address instead of sending a confirmation to an email address would be more secure.

creater365 wrote:

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.

While this could work in theory, what if the account deleter queued up a bunch of accounts/ one account waited a week, then deleted the account? I think that making it check someone's computer ip address instead of sending a confirmation to an email address would be more secure.

You can very easily spoof an IP address or other forms of identification like a MAC address, so this would probably not do much to stop people from deleting accounts, plus there's the issue if the account owner uses a new network and/or computer. Also keep in mind that you would have to be signed in to request this, so to queue up multiple requests would mean compromising multiple accounts, which is unlikely.

No support if it's required, because you may no longer have access to your old email. Maybe, if and only if after they changed and confirmed the new email, you have a new link in your old email to revert the change. If you notice your password change, though, you should be able to reset your password (if it's still on the old email, which it would be unless you have an email that it changed) and cancel the confirmation.

Otherwise, full support. I want it to be toggle-able in the Account Settings page, but if you need to toggle the option off, a confirmation will be sent to the old email, so that, if you didn't request this to be turned off, they can't change your email.

If you change your scratch email in your scratch account will it still have all of the projects?

turkey3 wrote:

Additionally, deleting an account shouldn't be so easy. It's so easy for someone to just crack someone else's password and delete years of progress. Deleting an account should also require email confirmation.

That's irrelevant; don't derail the topic focus

Adam-sameh wrote:

If you change your scratch email in your scratch account will it still have all of the projects?

Absolutely.

support, i've always found it strange that the old email doesn't need to confirm… i was very confused and probably said out loud "it's that easy??"

qwertyy_the_artist wrote:

support, i've always found it strange that the old email doesn't need to confirm… i was very confused and probably said out loud "it's that easy??"

Problem is, people might not have access to the email that was used