Forwarding a 'log me in' help link does seem like authorizing the recipient to log in to your account 🙄 the security step lies in receiving the link itself.
Michael MacTaggert is a software developer looking for work, host of a law review podcast called Amicus Lectio, and a moderator of Programming Discussions (invite.progdisc.club). Follow me on Twitter!
Preventing users from taking actions that hurt themselves is also a part of security. If you can't think of a reasonable situation wherein a user would want to forward an automatic login, then why give them the option to shoot themselves in the foot and then blame them for firing?
They aren't giving them that option. That is out of Facebook's scope. They sent a password recovery e-mail. If you received it and use your e-mail client to forward it to someone else and they get into your account, hey that's on you buddy.
Michael MacTaggert is a software developer looking for work, host of a law review podcast called Amicus Lectio, and a moderator of Programming Discussions (invite.progdisc.club). Follow me on Twitter!
Forwarding a 'log me in' help link does seem like authorizing the recipient to log in to your account 🙄 the security step lies in receiving the link itself.
Preventing users from taking actions that hurt themselves is also a part of security. If you can't think of a reasonable situation wherein a user would want to forward an automatic login, then why give them the option to shoot themselves in the foot and then blame them for firing?
They aren't giving them that option. That is out of Facebook's scope. They sent a password recovery e-mail. If you received it and use your e-mail client to forward it to someone else and they get into your account, hey that's on you buddy.
>They aren't giving them that option.
>If you [do that option], hey that's on you buddy.
That's a contradictory, unreasonably user-hostile perspective.