- There is no link to change your password when you are logged in to change it. You have to logout and then press on “I forgot my password” (I didn’t forget my password, I want to change it)
- Changing the password does not invalidate current sessions, so if anyone gets access to your account, even changing the password they will be still logged in
- There is no two factor authentication
- There is no way to delete your account: in the help page > delete account, the instructions are outdated (and it was edited 1 week ago), the links doesn’t work, etc. and there is no apparently any support email (doesn’t that violate EU laws?)
- There is no way to change your email (if any attacker got access to account, I would like to change the email too)
It surprises me how a company with that technology is missing this basic stuff…