Safety of profile changes

I just changed the email address in my profile, and my account has been deactivated.  This looks like a good and reasonable safety measure, however, the re-activation link was sent to the new email address rather than to the old one. So it does not safeguard against a villain changing the email address to their own.

There would be little point in sending a re-activation notice to the old address - you're assuming someone who changes their address would still have access to it and that could very well be not the case .

To change your address, you must have logged into the site using a name/password combination - that's from where the protection is derived.

There would be little point in sending a re-activation notice to the old address - you're assuming someone who changes their address would still have access to it and that could very well be not the case .

That's my case - every time I changed my address, I kept the access to the old one at least for a while. But yes, if someone used their job's email account and they are fired and lose any access to their email -  then re-activating from the old address may pose a problem. I haven't thought of that - but I have never been fired. So far .

To change your address, you must have logged into the site using a name/password combination - that's from where the protection is derived.

So what is the point of account deactivation and the re-activation link being sent over email?

So what is the point of account deactivation and the re-activation link being sent over email?

That's a good question.  Apparently the developers had some sort of reason in mind...although what it is, I have no idea.  

So what is the point of account deactivation and the re-activation link being sent over email?

Put simply, I don't know.  However, it's part and parcel of the message board software we use - not something which was written by us.

Activation is actually more complicated than it seems, but you don't see the rest of it. It's presently controlled ultimately by admin - it lets us filter out the 'spam' accounts that post spurious messages and general rubbish. We can usually determine these by the websites posted as signatures. So really, you don't actually activate an account - we do. As Graeme indicates, the email address handling wasn't done by us - it's just the way the board was written.

We can usually determine these by the websites posted as signatures.

I see.

 As Graeme indicates, the email address handling wasn't done by us - it's just the way the board was written.

Yeas, I know - I was just interested how and why it worked.