Friday, 12 May 2017

A variety of mail address change protocols

I'm currently in the process of phasing out one email address and going through accounts I have on websites. In the process I've encountered a lot of variations on protocol and praxis. I'll start with the most secure examples:
  • Confirmation required on both the old and new addresses.
  • Confirmation required on the new address and notification to the old one, or vice versa.
  • Can just edit and save, perhaps with notification afterwards. This is bad, anybody who gains access to the account can change it. Also what if you make a typo, then you're locked out.
  • No way to edit, have to ask support to change it. Surprisingly some large sites require this. One asked me to create a new account, then they would migrate the history to it.
  • There is a user initiated process but there is a glitch such as the contact email can be changed but the login ID is still the old email. Have to contact support again.
  • The user initiated process doesn't work. Have to contact support.
And a lot of websites have no way to delete the account. All you can do is hope that your password is unique and encrypted securely, and that their database doesn't get stolen some day.