e-Mail Confirmations - Extra Security
By: wjack2010 | 26-05-2014 19:05
Currently, if you're logged into an account on giffgaff you can update any of the details without actually having to confirm the details. Once a detail has been updated, such as an e-mail or password, it sends an e-mail to the current, or new, e-mail address to let you know the changes have been applied.
This isn't secure.
The first change I propose: when an e-mail is changed on an account, you have to confirm, by clicking a link in an e-mail, both the OLD address and the NEW address - to ensure it is you making the change. Or, in case you cannot access your old e-mail address, you can opt to have a verification code sent to your giffgaff mobile number, which you have to enter on the website to prove you are the owner.
The second change I propose: when changing the password, an e-mail confirmation, with a link to verify, is sent to the current e-mail address.
This will ensure higher security levels as changes have to be physically verified.