Totally. We haven’t decided the mechanism yes though. Since we’re now password-less I can imagine something like sending you an email to the “old address” for you to click in order to take you to the “give us your new email” screen, and after that another email to the “new address” for you to confirm the change.
All that sprinkled with timeouts so nothing breaks if you make a mistake typing the “new address” and you can keep logging in with the “old address”. If you think about it it’s very similar to any other password recovery flow.
The perceived strength of auth is a critical matter for us, in a world of banks asking you for crazy long passwords and PIN calculators we’ll need to make a big effort to educate our users (not developers but regular people) that Mondo is perfectly safe without all those inconvenient steps. I wonder how many “measures” on legacy banks are just pure placebo.
