Ask HN: Is it not a bad idea to have an API to check if an email is registered?
2 points by benguild on July 20, 2018
Someone at work joked, “maybe only for certain websites people wouldn’t want others knowing they’ve signed up for!” ;)

Anyway, I’ve always tried to steer away from this, but designers seem to love the UX of morphing a universal login or signup flow from one to the other based on prior activity. However, this makes that info public and potentially scrapable/vulnerable.

Besides rate-limiting or emailing them a link to log in, is this considered OK in 2018? Is it permissible to expose emails registered without verification under GDPR?
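
The two mitigations named in the question (rate-limiting and emailing a link), sketched as an added example that is not part of the original post: a unified login/signup entry point whose HTTP response is identical for registered and unregistered addresses, so the branch happens only inside the mailbox. All names (`start_auth`, `REGISTERED`, `OUTBOX`, the limits) are hypothetical, and the in-memory stores stand in for a real user table, mail queue and rate limiter.

```python
import secrets
import time

# Constructed sample state: one registered address, an in-memory outbox
# standing in for a mail queue, and a per-client rate-limit table.
REGISTERED = {"alice@example.com"}
OUTBOX = []      # (recipient, message_kind, token) tuples queued for email
ATTEMPTS = {}    # client_id -> timestamps of accepted requests
MAX_PER_WINDOW, WINDOW_SECONDS = 5, 60
GENERIC = {"status": 202, "body": "If that address can be used, we've emailed you a link."}
THROTTLED = {"status": 429, "body": "Too many requests."}


def allowed(client_id, now):
    """Sliding-window limit keyed on the caller (e.g. IP or session), not the email."""
    recent = [t for t in ATTEMPTS.get(client_id, []) if now - t < WINDOW_SECONDS]
    ok = len(recent) < MAX_PER_WINDOW
    if ok:
        recent.append(now)
    ATTEMPTS[client_id] = recent
    return ok


def start_auth(email, client_id, now=None):
    """Unified login/signup step that does not reveal registration state.

    Both branches do the same work (one token, one queued message) and return
    the same response, so neither the body nor the status code tells the
    caller whether the address already has an account.
    """
    now = time.time() if now is None else now
    if not allowed(client_id, now):
        return THROTTLED
    address = email.strip().lower()
    token = secrets.token_urlsafe(32)  # single-use token carried by the emailed link
    kind = "login_link" if address in REGISTERED else "signup_link"
    OUTBOX.append((address, kind, token))  # real code: hand off to an async mailer
    return GENERIC
```

The cost is the UX the designers want: the form can no longer morph on the spot, because the login-versus-signup decision is only visible to whoever controls the mailbox.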