Authentication notifications must include specific context about the triggering action, clear instructions for legitimate use, expiration details, and explicit steps to take if the action was unauthorized. This enhances security by helping users identify potential account compromises and take appropriate action.
Example:
<p>You've initiated an account merger which requires verification. Please use the code below to confirm:</p>
<p></p>
<p>This code expires in 30 minutes.</p>
<p>If you didn't attempt this action, please secure your account immediately and contact support@sentry.io.</p>
Rather than the less secure alternative:
<p>Here is the verification code you requested. It expires in 30 minutes.</p>
<p></p>
<p>If you weren't expecting this email, please ignore it.</p>
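A template check for the four required elements, as an added example (not code from the original page or from Sentry). The `audit_notification` function, its `action` parameter and the regex heuristics are assumptions made for illustration; the two sample bodies are the snippets shown above.

```python
import re
from html.parser import HTMLParser

class _TextExtractor(HTMLParser):
    """Collects only the text a recipient would actually read."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

def visible_text(html):
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    text = " ".join(" ".join(parser.parts).split())
    return text.replace("\u2019", "'").lower()  # normalise curly apostrophes

# Heuristic patterns (assumptions for this example; tune them to your own copy).
INSTRUCTION = re.compile(r"\b(use|enter|click|follow)\b")
EXPIRY = re.compile(r"\bexpires? (in|at|on)\b")
UNAUTHORIZED = re.compile(r"\bif you (didn't|did not|weren't|were not)\b")
REMEDIATION = re.compile(r"\b(secure your account|contact|(reset|change) your password)\b")

def audit_notification(html, action):
    """Return the required elements missing from an auth notification body."""
    text = visible_text(html)
    missing = []
    if action.lower() not in text:          # names the triggering action
        missing.append("context")
    if not INSTRUCTION.search(text):        # tells a legitimate user what to do
        missing.append("instructions")
    if not EXPIRY.search(text):             # states when the code stops working
        missing.append("expiration")
    # The "wasn't you" sentence must carry a concrete step, not "ignore it".
    sentences = re.split(r"(?<=[.!?])\s+", text)
    if not any(UNAUTHORIZED.search(s) and REMEDIATION.search(s) for s in sentences):
        missing.append("unauthorized_steps")
    return missing

GOOD = """<p>You've initiated an account merger which requires verification. Please use the code below to confirm:</p>
<p></p>
<p>This code expires in 30 minutes.</p>
<p>If you didn't attempt this action, please secure your account immediately and contact support@sentry.io.</p>"""
BAD = """<p>Here is the verification code you requested. It expires in 30 minutes.</p>
<p></p>
<p>If you weren't expecting this email, please ignore it.</p>"""

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("bad", BAD)):
        print(name, audit_notification(body, "account merger") or "ok")
```

Run as a unit test over every authentication template, passing the action each template is sent for, so a reworded email that drops one of the elements fails the build.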