Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^2: Email security for monks?

by tye (Cardinal)
on Oct 04, 2004 at 03:35 UTC ( #396104=note: print w/ replies, xml ) Need Help??


in reply to Re: Email security for monks?
in thread Email security for monks?

The proposal was to not allow you to change your e-mail address unless you can enter your old (current) e-mail correctly; making your e-mail address a bit like a second password.

A problem with this is that it needs to address the unlikely situation of someone not remembering what their old e-mail address was. Or, more likely, when someone enters their e-mail address incorrectly and doesn't notice and so can never change their e-mail address again.

This is the same reason why I haven't made it so you have to enter your old password in order to change your password.

Perhaps you should be required to enter at least two of your password, e-mail address, and "real name" in order to be able to change (or see) any of them?

And it'd be nice if we had a solution for the "I forgot my password and I no longer have that e-mail address" problem.

At least we no longer output the password in the HTML when you edit your home node.

- tye        


Comment on Re^2: Email security for monks?
Re^3: Email security for monks?
by jepri (Parson) on Oct 04, 2004 at 14:36 UTC
    I would like to see an option for users to upload their public PGP/GPG key. It's the sort of situation that public key crypto was designed for - I can give every site my public key, and it can't be 'stolen'.

    Fair enough that moves the problem from "I forgot my password" to "I lost my private key", but people tend to take more care of their private key.

    (I'm sure you know this, I'm just going for a bit of an expository ramble here :)

    e.g. I really wish I had of uploaded my public key to perlmonk.org since I've changed my password and forgot to note it down in my top secret "net passwords" file. Now I've gotta do exactly what the top poster said - convince jcwren that I'm not some yahoo trying to hijack an account.

    And as for the forgetting the email address problem - it does happen. I've been on the web long enough that I have accounts on servers where the email address is now invalid due to me moving ISPs - perlmonks is one of those (I'd better go fix it now).

    ___________________
    Jeremy
    I didn't believe in evil until I dated it.

      What a good idea! I wonder if asymmetric key authentication could be implemented on perlmonks and other sites like slashdot so I wouldn't have to care about passwords.

      I've always thought that rsa (or PGP) key authentication is the way to go, passwords are such a bother :)


      J

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://396104]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2014-07-13 06:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (247 votes), past polls