Ask HN: Single-factor authentication via email – good idea or not?

5 points by upgradeind about 4 years ago

Background: I am attempting to create a very minimal website for my company written in Rust (yay!). All it does is list products and accept orders with no community or user submitted content beyond payment data (handled via stripe and I only save shipping info). I am using the Rocket framework which doesn't seem to have this baked in yet.

The problem: I need a way to let previous customers recover order information and print invoices, but I personally hate being forced to create user accounts on websites just for this purpose. I also didn't want to deal with user passwords and account recovery (hey I said it was minimal!).

The scheme I've come up with and tested successfully so far in my dev environment, is to let customers type their email address that they used to make orders and send them a time-limited one-time login key via email (it could also come via text using their number if I ever figure that one out).

This in theory verifies they control that email address, and once logged in they can see previous order information.

That's pretty much it, but seeing as how I've never seen this type of thing available before in my Django or Flask experience, I wanted to see if I was in fact making some kind of huge mistake from a security or convenience perspective. The last thing I'd want to do is compromise the security of clients' information, or make a system that is too annoying to use.

I am also trying to be reasonable because it's not like I'm storing vast amounts of personal information or payment credentials.

I would also like to think about open sourcing my solution or submitting it as an add-on to Rocket, but I need a gut check first.

thanks!
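The scheme the post describes (email in, time-limited one-time login key out), as an added example that is not the poster's code or Rocket's: it uses Python's standard library rather than Rust so it runs stand-alone, and all names, the 15-minute lifetime and the in-memory store are assumptions. The points it shows are storing only a hash of the key, expiring it, burning it on first use, and revoking earlier keys when a new one is requested.

```python
# Added example (not the poster's code): the email one-time login key scheme
# from the post, sketched with Python's standard library. Names are assumptions.
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumption: keys die after 15 minutes


def _digest(token: str) -> bytes:
    # Store only a hash of the key, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).digest()


@dataclass
class PendingLogin:
    email: str
    token_hash: bytes
    expires_at: float
    used: bool = False


class MagicLinkStore:
    """Constructed in-memory stand-in for the table a real app would keep."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now  # injectable clock so expiry can be tested
        self.pending: Dict[bytes, PendingLogin] = {}

    def issue(self, email: str) -> str:
        """Mint a key for `email`; the clear-text key goes only into the mail."""
        email = email.strip().lower()
        # Any earlier unused key for this address is revoked on re-request.
        for rec in self.pending.values():
            if rec.email == email:
                rec.used = True
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        rec = PendingLogin(email, _digest(token), self.now() + TOKEN_TTL_SECONDS)
        self.pending[rec.token_hash] = rec
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Return the verified email, or None. A key works exactly once."""
        rec = self.pending.get(_digest(token))
        if rec is None or rec.used or self.now() > rec.expires_at:
            return None
        rec.used = True
        return rec.email
```

The session created after a successful redeem should itself be short-lived, since the key only proves control of the mailbox at that moment.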

4 comments

moviuro about 4 years ago

Sounds reasonable. However, the access to previous orders should be limited in time.

email addresses, like snail mail addresses do expire: what happens if the email address owner changes after the fact? Should you serve the recap and other snail mail addresses a long time after the deal is done and finished? Unless you have mandatory requirements (commercial law) to keep serving invoices/recaps, I'd recommend you seal those away when they aren't needed anymore (and protect them with a password).

Something "new" to consider, is how Chrome[0], FFx and company now "suggest" strong passwords when registering on a website. Using the email-OTP might be more cumbersome than using your phone's or PC's built-in password manager.

Less data to protect = easier to deal with.

[0] https://support.google.com/chrome/answer/7570435?co=GENIE.Platform%3DAndroid&hl=en
borplk about 4 years ago

I'm personally against the idea because it wrongly assumes that email is some form of guaranteed instant messaging platform. You can end up denying someone access because the email is delayed or never arrives.

adingus about 4 years ago

Freecodecamp does this. As a user I like the feature for the same reasons you stated.

eimrine about 4 years ago

My opinion is that any 2fa is bad. If Bitcoin can work without usernames, phone or email verification then your service also can.