This makes little sense to me. Everyone who's signed up for an account here should have assigned a private email account to it. This in itself should be considered a secure form of authenticated communication. Anyone who is able to read a password reset message from that private email should be authenticated as the owner of the account, period. Frankly, I never understood this SMS authentication, sure it is convenient, but in general phone numbers change more often that emails.
|