Just to clarify, would you mean to have the email/validate stage as part of the flow to access the app, or let them continue with just the email with a limited functionality?

Compared to login or password reset, you rarely see the email validate before register flow, especially for mobile apps etc. That makes it pretty hard to make the case that this needs to be actioned from a security perspective when even the big companies are not following it either.

I was having a chat about this with a UX guy. His argument for using a similar flow was that the username/email will have to be validated at the point of registration anyway so you might as well make it easier for the user when the email is wrong. I couldn’t really refute this logic.

If you throttle both login and registration, then surely the risk is minimised while keeping the user happy?

I have also been pretty pleased with a Berghaus mac I bought a while ago. It survived about 10 years of near daily use (either on or scrunched in a bag). I have only recently replaced it with a Patagonia after the inner lining started disintegrating. Before that it kept it’s waterproofness throughout many wet Welsh downpours.

I don’t think I’m your guy haha. I do not have a ravioli bowl unfortunately.