The expiration link technically solve part of the issue, however as long as that link is not expired people can keep using that verification link to login without a password.
Would really appreciate if you can work on a one time use activation link, as this will greatly improve security. Is there an estimation on when this can be roll out?
Thanks.
