I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language, which was designed to be concurrent, distributed and fault-tolerant.
Location
Scotland
Education
Self-taught Developer
Work
Developer Advocate for Mobile and API Security at approov.io
So I can log in to your account anytime because I know your email?
@BG Adrian
If you have legal obligations to keep it or really need it for contact purposes, then yes, you would need to keep it in plain text.
But if you only need it for login purposes or to send notifications while the user is logged in, then you can store the emails as a hash in the database.
@rhymes
If you can log in to my email account then you can, otherwise you can't.
When I said that would work as usual, I was referring to the normal process of recovering a password, where an email is sent to your email account with a unique link that normally also has a short expiration time.
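A sketch of the scheme this comment describes, added here as an example and not code from any of the commenters: only a hash of the email is stored, and password recovery still works because the user types the address again when requesting the link. The keyed hash (HMAC with a server-side key), the in-memory dicts standing in for database tables, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret kept outside the database. A bare SHA-256
# of an email can be reversed by hashing lists of known addresses.
EMAIL_HASH_KEY = b"constructed-demo-key-load-from-a-secret-store"
RESET_TTL_SECONDS = 15 * 60  # short expiration for the recovery link

users = {}         # email_hash -> account record (stands in for the users table)
reset_tokens = {}  # sha256(token) -> (email_hash, expires_at)


def email_hash(email):
    """Keyed hash of the trimmed, lowercased address; the only form stored."""
    normalised = email.strip().lower()
    return hmac.new(EMAIL_HASH_KEY, normalised.encode("utf-8"), hashlib.sha256).hexdigest()


def register(email, password_hash):
    users[email_hash(email)] = {"password_hash": password_hash}


def request_reset(typed_email, now=None):
    """Return (recipient, token) to mail out, or None when no account matches."""
    now = time.time() if now is None else now
    key = email_hash(typed_email)
    if key not in users:
        return None  # the HTTP response should look the same in both cases
    token = secrets.token_urlsafe(32)
    token_id = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[token_id] = (key, now + RESET_TTL_SECONDS)
    return typed_email.strip(), token  # link goes to the mailbox just typed


def redeem_reset(token, new_password_hash, now=None):
    """Single use: the token is deleted whether or not it is still valid."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return False
    users[entry[0]]["password_hash"] = new_password_hash
    return True
```

Knowing an address lets someone trigger the mail, but the token only ever travels to that mailbox, so redeeming it still requires access to the email account.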
Ok sorry, I misunderstood, I was thinking of passwordless logins.