Kevin avatar image
Kevin suggested

Modernize handling of email addresses

There are several flaws in the way that PlayFab handles email addresses which together create a frustratingly outdated system:

  1. Account email addresses are not confirmed. This allows players to use a fake email address, use someone else's email address, and/or easily register numerous accounts.

  2. Players cannot change their account email address. The Game Manager lets us change an account's email address, meaning this is technically feasible, but there's no API for it. The only way we can allow players to change their email addresses is to ask them to email us, which creates a major customer service burden.

  3. Account recovery emails are only sent to the account email address, not the contact email address. This is a particularly big problem when combined with the previous two problems.

  4. An account that is created with just a username cannot add an account email address for password recovery later.

Competing backend services already support account verification emails and allow users to change their own email address. For example, Google Firebase has supported these features for at least 6 years.

Some of the many problems that can occur with the current limitations of PlayFab:

  • A player tries to register and finds out that someone else has already registered with the same email address

  • A player creates an account with a fake email address, then later decides they want to change to their real email address, but can't

  • A player attempts to create an account with their real email address, but makes a typo

  • A player creates an account with a real email address, but later stops using or loses access to this address

  • It's a major hassle for us as game developers to explain these bizarre limitations to players.

There are many reasons why a player might stop using or lose access to an email address: - It was a student email address that the player lost access to after graduating or changing schools - The player's email account was hacked/stolen and the password/recovery options changed such that the player can no longer access the account - The email address was provided by the player's Internet Service Provider (ISP) and the player loses access to the email address after changing to a different ISP. - The player has stops using the email address due to cyberstalking or online harrassment - The player stops using the email address due to changes in the email provider's terms of service or privacy policy. - The player stops using the email address after growing out of it (e.g. after turning 18, a player decides they no longer want to be known as '') - The player stops using the email because it now has a new connotation due to changes in slang or vernacular - The player has changed names after a gender transition (e.g. becomes

Account ManagementAuthentication
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

No Comments


Write a Comment

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.