Why require an email for registration?

[michealhawkins]

I don't understand why an email is required for registration, is it due to the tech used to create the forum? or is it a deliberate choice?
The former i understand, but for the latter i really cant think of a reason why an email would be needed other than trying to mitigate bot accounts and the like, But even then a stricter verification or more manual process would be better. I mean this is a pretty niche forum so i doubt the need to automate the verification process using email is that necessary.

i just personally don't like giving out my email to every single site. i mean i am using an alias but still.

[zonk]

That email address will be used for password recovery if you were to forget/lose it. I believe it is due to the forum software and not a deliberate choice.

What would stricter or manual verification even look like?

[rejectconvenience]

It's bot prevention, as well as for the "forgot password" function. There have been several bots skirted from what I can see on the back end, which is nice. If someone can come up with a solution that doesn't require this, I'm open to it, but I also encourage folks to use email aliases in general, which really should squash any qualms for personal information.

I don't want to do the manual verification because I do want people to be able to join in an easy way. I think the balance is fair, and I express how this information is used on the home page's privacy policy: https://rejectconvenience.com

[Thoughtless]

I think the question is trust. I personally think email is the best fit for companies that I would consider as low trust to no trust.


Accessibility - Email allows for the most device to provide authentication without friction.

Availability - Most all reputable mail servers have been battle hardened and stood the test of time. While there may occasionally be outages, one is more likely to suffer from a localized cell outage or internet outage. For the most part its not even needed unless one has forgotten a password or set up the email as part of their MFA.

Authorization - While on its own it is a weak form of Identification paired with other factors then its strength increases. One can even retain ones own anonymity while increasing the strength of this one factor through the liberal use of an aliasing services.

Email for identity access management loses its efficacy the more often its used or shared. Especially if it is in a combo list somewhere.

[Thoughtless]

That email address will be used for password recovery if you were to forget/lose it. I believe it is due to the forum software and not a deliberate choice.

What would stricter or manual verification even look like?

>FBI agents interviewing your references for clearance.
>Grabbing someones public key to encrypt your digital signature. That they then use their private key to decrypt.
>2 parties take their private keys to create a public key and a shared key for identifying each other.
>Browser pokes server, server defines the parameters that it supports, server sends public key, browser creates a session key then encrypts it with the pub key, browser sends encrypted packet to server, server decrypts with private key. (and it looks like a little lock next to your url)
>User link profile to url, other users signs with their profile that they trust user. (looks like a little check)