DEV Community

Discussion on: Facebook, Google or Github - which OAuth for your site?

 
Rodion Gorkovenko

Password restore system is also not that hard.

Well, I don't mean it is very hard. But as usual, not doing this at all is easier. That is my point :)

If you ask for consent and are transparent about what you store, for what reason... then you will comply. Do not store more than you need.

Note that by GDPR, I think, this probably should be stored on servers in the same region where the user resides. That may be painful. Though a workaround is to store only a hash of the email and then ask the user to enter it (and compare the hash) when the user wants a password reminder...
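
The workaround from the comment above, as an added example (not part of the original comment): the site keeps only a digest of the address and mails a reset token to whatever address the user types, if its digest matches. It uses a keyed HMAC-SHA256 instead of a plain hash, a substitution made here because plain hashes of email addresses can be recovered by hashing lists of known addresses; `Accounts`, `EMAIL_HASH_KEY` and the `outbox` list are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret kept outside the user database.
# Generated at import here; a real deployment would load a persistent key.
EMAIL_HASH_KEY = secrets.token_bytes(32)


def normalize_email(email: str) -> str:
    """Trim and case-fold so the same address always yields the same digest.
    Assumption: the site treats addresses as case-insensitive."""
    return email.strip().casefold()


def email_digest(email: str, key: bytes = EMAIL_HASH_KEY) -> str:
    """Keyed digest that is stored in place of the address itself."""
    data = normalize_email(email).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Accounts:
    """Hypothetical in-memory user store: username -> email digest."""

    def __init__(self):
        self._digests = {}
        self.outbox = []  # (address, token) pairs standing in for sent mail

    def register(self, username: str, email: str) -> None:
        # Only the digest is kept; the plaintext address is discarded.
        self._digests[username] = email_digest(email)

    def request_reset(self, username: str, entered_email: str) -> str:
        """Mail a reset token only if the entered address matches the digest."""
        # Unknown users are compared against a dummy digest so both paths
        # do the same work.
        stored = self._digests.get(username, email_digest("nobody@invalid"))
        matched = hmac.compare_digest(stored, email_digest(entered_email))
        if matched and username in self._digests:
            token = secrets.token_urlsafe(32)
            self.outbox.append((normalize_email(entered_email), token))
        # Same reply either way, so the form does not confirm which
        # username/address pairs exist.
        return "If the details match, a reset link has been sent."
```
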