board77

The Last Homely Site on the Web

Password changes

Page 1 of 1  [ 11 posts ]
Primula_Baggins
Post subject: Password changes
Posted: Sat 07 May , 2005 11:28 pm
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
Okay, that was an exciting way to spend an hour. . . .

Truehobbit and I have just had a very instructive experience, based on which I have a suggestion to make.

Truehobbit was contacted on YIM by (apparently) Holbytla, who said he couldn't get onto the board and needed a new password. She IMed him one—and then realized that perhaps she should not have; the IM name was one Holbytla might use, but those names are easy to get.

Truehobbit PMed me, and we agreed that we ought to confine Holbytla to the BikeRacks while we sorted out the problem. We removed him from the All_Members group and added him to the BikeRacks. When truehobbit reminded me :oops: , I removed him from the Jury Room group as well.

But of course that did nothing, because what I hadn't remembered :oops: was that all the individual permissions are still on, and those of course override all the off permissions in the groups. So we switched those off as well.

I also started a thread in the BikeRacks with Holbytla's name on it to explain what had happened.

Holby responded to our PMs and said he had indeed asked for the new password. Truehobbit pointed out that a Nefarious Impostor would say the same thing, so I realized that I needed to have Holbytla email one of my personal accounts from the account he used to sign up for the board.

He did so, and we restored his permissions.

As a result of all this, I have a suggestion:

However we are contacted by someone requesting a new password, we should insist that the request be repeated in an email coming from the member's official email address—the one the member used to sign up on B77. The email should probably go to the admins' general email address. Only when we've verified that the email comes from the correct account should we issue a new password.

Comments?

truehobbit
Post subject:
Posted: Sun 08 May , 2005 1:09 am
WYSIWYG
Offline
 
Posts: 3228
Joined: Wed 27 Oct , 2004 6:37 pm
Location: wherever
 
First let me add some :oops: :oops: :oops: where they belong! :oops:

Thanks so much for your help with that, Prim! :hug:

I was pretty panicky when I realised what might have happened, so when I saw you online I grabbed you first thing. :blackeye

I guess if I had been on IM contact with holby before, so that it would only have been the usual window coming up, there'd have been no need to worry. Or if holby had a Yahoo ID in his profile, to compare the ID to.
But as it was, it could have been anybody getting themselves the username of a member here for a Yahoo ID and asking for a password.

So, yes, verifying (in all cases, just to make sure) by asking for an e-mail from the addy used to register here is an excellent idea, I think! :)

And now it's really time for bed - excitement enough for one day, too! :blackeye

_________________

From our key principles:

We listen to one another, make good-faith efforts to understand one another, and we treat one another respectfully at all times.


Voronwë_the_Faithful
Post subject:
Posted: Sun 08 May , 2005 1:45 am
Offline
 
Posts: 5170
Joined: Thu 10 Feb , 2005 6:53 pm
Contact: Website
 
:hug: for Prim and Hobby. Sorry I wasn't there to help out.


Primula_Baggins
Post subject:
Posted: Sun 08 May , 2005 2:11 am
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
Ah, but we solved it with immense cleverness and now feel very pleased with ourselves, as we would not if you had taken care of it. :devil:

laureanna
Post subject:
Posted: Sun 08 May , 2005 4:29 pm
Triathlete
Offline
 
Posts: 2711
Joined: Wed 26 Jan , 2005 2:08 am
Location: beachcombing
 
Don't get too puffed up. ;)

You could have simply gone into user management and changed the password yet again (and not told anyone what it was) until you contacted Holby by email. That, too, would have locked him, and whomever, out of B77 until his identity was verified, without having to change all the permissions. Or you could have changed his username to something else. Or changed his preferred language to Korean. Or ... do I sound devious? :devil:

_________________

Well, I'm back.


Primula_Baggins
Post subject:
Posted: Sun 08 May , 2005 5:35 pm
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
Well, he was actually online at the time. So if he'd been Evil Not-Holby, he would already be in a position to do damage. Otherwise the password change is a good idea—

. . . although, as it turned out, Holby's sign-up email addy was an account he apparently rarely checks. That may be true for many people who don't want their RL email on the board.

truehobbit
Post subject:
Posted: Sun 08 May , 2005 8:26 pm
WYSIWYG
Offline
 
Posts: 3228
Joined: Wed 27 Oct , 2004 6:37 pm
Location: wherever
 
laureanna wrote:
"Or changed his preferred language to Korean."

Goooooood one! =:)

Good point about people using a special e-mail addy here, Prim - it might mean that they wouldn't know with which one they signed up, if we asked them to use it (I know that I don't always know with which addy I registered somewhere).

Hmmmh, so what if someone doesn't remember? We could ask them about the secret handshake... ;)

I guess in such a case I'd just send a mail from all my likely addies.

Thanks for the hugs, Voronwe! :hug:

Primula_Baggins
Post subject:
Posted: Sun 08 May , 2005 9:04 pm
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
Hobby, you can see the email address if you go to your Profile. Only on your own, of course, unless you go through the Admin Panel.

truehobbit
Post subject:
Posted: Mon 09 May , 2005 11:06 pm
WYSIWYG
Offline
 
Posts: 3228
Joined: Wed 27 Oct , 2004 6:37 pm
Location: wherever
 
Not when you're not logged in! ;)

And that would be people's problem to start with, here! :D

Primula_Baggins
Post subject:
Posted: Tue 10 May , 2005 1:51 am
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
:oops: Right. . . . You probably already know this, but I am one of those people who tries to turn on the lights in the garage so I can see the circuit breaker box when the power goes out.

Well, presumably they had to get in touch with us to tell us of the problem, so we could reply saying "use your Hotmail account" or whatever—not the address, but enough of a hint that people ought to be able to remember that they have the account and which one it is!

Primula_Baggins
Post subject:
Posted: Thu 23 Jun , 2005 1:27 pm
Living in hope
Offline
 
Posts: 7291
Joined: Sat 29 Jan , 2005 5:54 pm
Location: Sailing the luminiferous aether
 
Bumping this to remind me that I want to add a section on dealing with problems to the How-to, and this is one of the problems.
