• GenderNeutralBro@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    7 months ago

    They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.

    For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.