What’s the reason behind not notifying users that they entered a wrong email when they recover their password?

Sorry, I was not able to formulate the title shorter.

Today I stumbled across the password recovery from Dropbox. Here, users have to enter their email address and Dropbox says:

If a Dropbox account exists for does.this@email.exist, an e-mail will be sent with further instructions.

https://www.dropbox.com/forgot?email_from_login=does.this@email.exist

But what is the reason behind this? First, I thought they try to prevent attackers from randomly guessing email addresses and checking whether they are registered or not. Imagine you know that Donald.Trump@yahoo.com is registered to, e.g., craigslist. This might be a great privacy issue in some cases.

But then I remembered that your email is checked against all existing email addresses when a new account is registered.

So, what is the reason behind this behavior?

Tags: UX Stack Exchange

What’s the reason behind not notifying users that they entered a wrong email when they recover their password?

UX in 2018: The human element

Three Takeaways from the Hawai’i Missile False Alarm

UX in 2018: Content

UX in 2018: Design, Development, and Accessibility

The Power and Danger of Persuasive Design

What’s the reason behind not notifying users that they entered a wrong email when they recover their password?

Related Posts