lxgr 3 months ago

That's why allowing account recovery using (exclusively) email is indeed a security problem.