Actually just as I type this I realise I probably shouldn't let a member that uses external logins be able to update their email address as they won't be able to log in! Thinking of adding some member groups - "External Login" "Password Login". If they are member of "Password Login" then my update email form will need their existing password too and update the hash. If they are an external login then I don't show the option to update email... Anyone hit similar?

> Finding that if a member updates their email address they can't log in using the password - guessing the password hash uses the login email. Which version are you using? Quick code lookup in v13 shows (MemberPasswordHasher/UmbracoPasswordHasher) doesn't seem to use the email.

If you can reproduce this on a blank install with the provided snippets, feel free to open an issue and we will have a look at it.

> Have a site where the member can update their email address. If the reason for changing the email is not to change the login details but rather the contact details. You can always create a "contactEmail" property and on registration set it equal to the email property. Then let your form update the contactEmail one. Another way to go is to implement a specific change email flow, where you capture both the old and new email. Send an email to the first (to verify its the actual user and not somebody hijacking their session). Send an email to the second that both verifies they have access to the new address and supply a link to reset the password with a token that gets created after the first email has been verified. This way, the email is changed, you guarantee they can login and the password is reset ✅