Hi folks,
I hope you are doing well !
Please let me know what do you think about this ?! because I already implemented a basic verification mechanism.
So this was my response to someone asking for the same question:
I came across a Reddit post where one explained that one click on the link is not sufficient and might lead to errors and a failure of the verification. The logic is simple and legit, when the email containing the link is received, there might be link scanners (bots) on the SMTP server (Outlook, Gmail etc). Just like when you past a link on major social platforms, there is always a bot that hits the link. I did not try it myself but I believe Outlook scans some links (when you copy past a link it is converted to a thumbnail with page's content). So this process oblige you to do a verification by two steps, and I personally think of these two methods:
- Maybe when the user clicks, he needs to past his own password used for sign-up (looks fine).
- Or provide a one time password with the email so that the user along with the verification link (maybe split then re-concat) the same token you send for verification and ask the user to enter that second part (this seems easier).
Thanks !
Top comments (0)