Creating two accounts with one email address? Broken authentication or a normal feature?

Hey guys! First, I want to ask you: is it possible to have two different accounts registered on a website using one email address?

I found a way to have two accounts using one email address. Is it broken auth or a normal feature?

I'd love to hear your feedback on this, guys. :smile:

PS: will make an article for this soon…

That sounds like a broken auth situation, if the email is the exact same. There’s a Gmail workaround where you can put sam+Test1@gmail.com and then sam@gmail.com and it would technically be one address in Gmail, but a site would see that as two separate addresses.

1 Like

Hi Evan,

The question would be what the impact of having two accounts with the same email address would be. Some websites allow authentication via username, and use email just for communication or password resetting of accounts. This behaviour would be intentionally done.

If it can be used to take over an account, for example, or to disallow a user from using his account, then it would be an issue in my opinion.

1 Like

There are cases in which this can turn out as a malicious action. Under certain conditions, databases may or may not inform the application that this e-mail address exists, therefore overwriting the previous record and usually taking over the account.

This is a good example of a malicious use.
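The duplicate check and the overwrite case discussed in this thread, as an added example that is not code from any of the posters: a registration routine that lets a database UNIQUE constraint reject a second account for the same mailbox, next to an upsert that silently replaces the existing record. The table layout, the function names, lowercasing the whole address and treating only gmail.com as ignoring "+tag" are assumptions made for illustration.

```python
import sqlite3

INSERT_SQL = "INSERT INTO users (email, email_key, pw_hash) VALUES (?, ?, ?)"
UPSERT_SQL = "INSERT OR REPLACE INTO users (email, email_key, pw_hash) VALUES (?, ?, ?)"

def canonical_email(addr):
    """Uniqueness key only; the address as typed is still stored for sending mail."""
    local, sep, domain = addr.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an email address")
    local, domain = local.lower(), domain.lower()   # assumption: case-insensitive policy
    if domain == "gmail.com":                       # assumption: only Gmail strips "+tag"
        local = local.split("+", 1)[0]
    return local + "@" + domain

def open_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE on email_key makes the database, not application code, the final arbiter.
    db.execute("""CREATE TABLE users (
        id        INTEGER PRIMARY KEY,
        email     TEXT NOT NULL,
        email_key TEXT NOT NULL UNIQUE,
        pw_hash   TEXT NOT NULL)""")
    return db

def register(db, email, pw_hash, sql=INSERT_SQL):
    """Return True if a row was written, False if the address is already taken."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql, (email, canonical_email(email), pw_hash))
        return True
    except sqlite3.IntegrityError:
        return False

def stored_hash(db, email):
    row = db.execute("SELECT pw_hash FROM users WHERE email_key = ?",
                     (canonical_email(email),)).fetchone()
    return row[0] if row else None

def demo():
    db = open_db()
    first = register(db, "sam@gmail.com", "hash-A")       # constructed sample values
    dup = register(db, "Sam+Test1@gmail.com", "hash-B")   # same mailbox: rejected
    kept = stored_hash(db, "sam@gmail.com")               # original credentials intact
    # Anti-pattern for contrast: the upsert replaces the existing account's row.
    register(db, "sam+Test1@gmail.com", "hash-B", sql=UPSERT_SQL)
    return first, dup, kept, stored_hash(db, "sam@gmail.com")

if __name__ == "__main__":
    print(demo())
```

Whether plus-tagged addresses should count as the same account is a product decision; the constraint only enforces whichever key the application chooses.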