

Forgot password – No account registered – Security breach? - haritap

When using the “Forgot password?” option from any portal, generally it should acknowledge if the email entered was registered in the application. People claim that this allows for a hacker to verify whether an email address is valid or not.

What could be the solution? How does a person know if he types the wrong mail?
======
iqonik
If you have the bandwidth, handle forgotten passwords manually through a
customer service call and ensure they give you email, username and billing
details if applicable.

------
code_duck
Just say 'we sent a mail to ' whatever address they entered. If it's
incorrectly typed, the user can see it then and try again.

------
pizza
_If there is an account registered to this email account, a recovery email was
sent to it_ etc.
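
The wording suggested in the replies above, sketched as an added example that is not part of the original thread: the response is identical for registered and unregistered addresses, and it echoes the entered address so a typo is visible. The account store, mail queue, token lifetime and the names `request_reset` and `redeem` are assumptions made for illustration.

```python
import hashlib
import html
import secrets
import time

REGISTERED = {"alice@example.com"}   # constructed sample account store
OUTBOX = []                          # stands in for an asynchronous mail queue
RESET_TOKENS = {}                    # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL = 15 * 60                  # assumed token lifetime in seconds

GENERIC = ("If there is an account registered to {addr}, "
           "a recovery email was sent to it.")

def request_reset(entered, now=None):
    """Return the same (status, body) whether or not the account exists."""
    now = time.time() if now is None else now
    shown = entered.strip()
    addr = shown.lower()
    # Generate and hash a token on every request so both paths do similar work.
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    if addr in REGISTERED:
        RESET_TOKENS[digest] = (addr, now + TOKEN_TTL)
        OUTBOX.append((addr, token))   # queue only; sending inline adds latency
    # Echo the entered address (HTML-escaped) so the user can spot a typo.
    return 200, GENERIC.format(addr=html.escape(shown))

def redeem(token, now=None):
    """Return the account for a valid token exactly once, else None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]

if __name__ == "__main__":
    for address in ("alice@example.com", "alcie@example.com"):
        print(request_reset(address))
```

Only the token's hash is stored, so a leaked token table cannot be replayed as reset links.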

