Well it does eliminate a whole list of problems related to account takeover, account recovery workflows, legal questions regarding which email owns the data, etc. Sometimes less is more. Secure, reliable, simple.
If anything, this makes account takeover and account recovery way more difficult. It probably makes a bunch of legal stuff easier for them, but that’s about it.
That's pretty obvious to anyone who had to maintain a high traffic site. Just the tip of the iceberg (I haven't included additional legal issues and other):
1.1 Strong protection against account takeover
Email change is one of the most abused recovery vectors in account takeover (ATO).
Eliminating email changes removes:
Social-engineering attacks on support
SIM-swap → email-change chains
Phished session → email swap → lockout of real user
Attacker must compromise the original inbox permanently, which is much harder.
1.2 No “high-risk” flows
Email change flows are among the highest-risk product flows:
Dual confirmation emails
Cooldown periods
Rollback windows
Manual reviews
Fixed email removes an entire class of security-critical code paths.
1.3 Fewer recovery attack surfaces
No need for:
“I lost access to my email” flows
Identity verification uploads
Support-driven ownership disputes
Every recovery mechanism is an attack surface; removing them reduces risk.
darth_avocado|2 months ago
prmph|2 months ago
blitzegg|2 months ago
1.1 Strong protection against account takeover
Email change is one of the most abused recovery vectors in account takeover (ATO).
Eliminating email changes removes:
Social-engineering attacks on support
SIM-swap → email-change chains
Phished session → email swap → lockout of real user
Attacker must compromise the original inbox permanently, which is much harder.
1.2 No “high-risk” flows
Email change flows are among the highest-risk product flows:
Dual confirmation emails
Cooldown periods
Rollback windows
Manual reviews
Fixed email removes an entire class of security-critical code paths.
1.3 Fewer recovery attack surfaces No need for:
“I lost access to my email” flows
Identity verification uploads
Support-driven ownership disputes
Every recovery mechanism is an attack surface; removing them reduces risk.