Why isn't email verification required?

Forum|Forum|1 year ago
January 11, 2024
4 replies
52 views

+8

jills
Inspiring
10 replies

Is there a reason why you don't need to verify your email address to access Airtable? I was shocked to discover this isn't a requirement.

I have an interface set up so that only the current user can view sets of information, but I found that it's possible for someone to create an Airtable account with someone else's email and view the information associated with that email address. Email verification is not required to access the interface and see data that should only be seen by the actual user.

Are there plans to address this? Is anyone using a workaround to make this more secure? Is it related to being on the Team plan?

+35

ScottWorld
Genius
9808 replies
Forum|Forum|1 year ago
January 12, 2024

Yeah, that seems like a pretty big security hole. I would report that to support@airtable.com.

J

+8

jills
Author
Inspiring
10 replies
Forum|Forum|1 year ago
January 12, 2024

Yeah, that seems like a pretty big security hole. I would report that to support@airtable.com.

Thanks! I'll do that. I'm getting pushback from my company about using Airtable because of this security issue. I was also surprised at the lack of posts about it.

J

+8

jills
Author
Inspiring
10 replies
Forum|Forum|1 year ago
January 12, 2024

UPDATE: Customer Support did respond, and I did some new testing. As far as I can tell now, any shared bases or interfaces cannot be accessed until after email verification. So while email verification is not required to start using Airtable, shared data cannot be accessed until after the email address is verified.

+35

ScottWorld
Genius
9808 replies
Forum|Forum|1 year ago
January 13, 2024

Ah, that's great to know!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded