In general, a lot of services have absurdly tight time requirements on email validation. A lot of users have graymail setups or other things that will delay email, not to mention polling intervals.
I get expiring temporary credentials in email on the general principle of not leaving credentials lying around, but use 24 hours or something, not minutes. There’s minimal added risk, and it avoids a ton of problems.
In general, a lot of services have absurdly tight time requirements on email validation. A lot of users have graymail setups or other things that will delay email, not to mention polling intervals.
I get expiring temporary credentials in email on the general principle of not leaving credentials lying around, but use 24 hours or something, not minutes. There’s minimal added risk, and it avoids a ton of problems.