What’s the best approach to confirm user email address: sending an email confirmation link or sending a verification code in email?
I see there are number of questions available there about approach for confirming email address with pretty good answers. I have a similar question I can think of two approaches for confirming email address:
Sending confirmation link on the user provided email address, by clicking this link a new page will open showing user account confirmation message.
Another approach is instead of providing confirmation link, provide user with the verification code in the email, let's say number 12345 is verification code, then user will read this number and enter it on the Confirmation page.
It would be great if you could provide your views for the above-mentioned approach. I agree that option #2 seems to add a bit of overhead however my priority is for security.
The mobile application integrates with my existing web application (I have developed APIs for it). The mobile application uses those APIs to get data from the web application. Now using the register API, the mobile app can register the user. For registration, the user's email address and password is required. I want to confirm the user's email address before giving him full access to the application. If user's email address is confirmed then he can use all options otherwise user is restricted to certain options. To confirm the email address, should I:
Send the verification link to the user provided email address
Send verification code in the email which user can enter on "verify account" page in mobile app
Send deep link + verification code in the email so that when user click on deep link automatically mobile app will get launched with the verification page being open where user can type in (or copy+paste) the verification code
I want to know which is one better approach from usability point view and security point of view (my preference is for security).