What is Nostr?
Andrew Feeney /
npub1sea…5lwj
2024-02-14 10:36:24

Andrew Feeney on Nostr: Suppose you have a sign in form which first accepts an email address and then ...

Suppose you have a sign in form which first accepts an email address and then proceeds to MFA steps. If you enter an email which does not match one in the system you get an error. "No matching account found" or whatever. Conversely if you enter an email which matches, you progress to the next screen. In this way you can know whether or not a particular email address is registered with the service.

What would be an alternative approach that doesn't reveal this information?

#InfoSec #WebDev
Author Public Key
npub1seagq5rps2ry4nz37f3q9npqdkkfd2mkkly3e6rvmghyxd8wrgxsl75lwj