Recently I was locked out of my own Ghost blog platform because they decided they were going to add Email 2FA. I also cannot add any other authors because that requires email verification.
Today I was looking at installing Bonfire and came across this:
Bonfire requires working email for user signups, password resets, and notifications. Most installations will need email configuration before the instance is usable.
Setting up email is a pain in the ass, costs money, is dependent on 3rd parties, violates privacy, and is just completely unnecessary. Why wouldn’t you give users the option to not use it? It’s infuriating!
Depending on the view, a functioning service something like password reset is necessary. To design the software that it can ship without functioning password can or cannot make sense, depening on the design choices. Depending on what else got send via e-mail designing the software around that can be challenging and burdening for the future of developing.
If the setup required you to setup e-mail, the software and then also the developer can always assume there is a communication path to the individual user.
As i said, it can and cannot make sense, but saying
and not even trying to put yourself into other shoes just does not make sense.
It is not necessary if you don’t lose your password, which I don’t ever, because I use a password manager. It’s also not necessary if you have administrative access to the server.
Brother we have the opposite problem. You are not putting yourself in my shoes, or other people like me.
I am not suggesting everyone should get rid of it, I’m asking why it can’t be optional and easily disabled…