What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » Forum & Website » Password Reset Bug.

Password Reset Bug.
Author: Message:
Nathan
Veteran Member
*****

Avatar
Yeah, "large dimensions" ;)

Posts: 2984
Reputation: 76
– / Male / Flag
Joined: Apr 2005
O.P. Password Reset Bug.
I wanted to reset my Nathan account, because I forgot my p/w. So I used the forgotten password tool. But it sent me emails about account ghostie and spammer. I don't remember making these account, but I could of. Either way it should not reset password (or send the link) for all 3 accounts, right WDZ?
Touch Innovation - touch friendly programs/applications for the windows mobile!


11-23-2009 12:49 PM
Profile E-Mail PM Web Find Quote Report
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
RE: Password Reset Bug.
Its a crappy system and sends emails to all accounts registered under that email.
11-23-2009 02:32 PM
Profile E-Mail PM Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: Password Reset Bug.
quote:
Originally posted by matty
Its a crappy system and sends emails to all accounts registered under that email.
Because it doesn't know which account you forgot the password for. :p

If the form only asked for a username, someone could send me a password reset email without even knowing the address I registered with, which is kinda dodgy. And if it came up with a list of usernames associated with an email address, that would be a privacy issue because there's currently no other way to search for members by email address. :p
11-23-2009 03:52 PM
Profile PM Web Find Quote Report
blessedguy
Skinning Contest Winner
*****


Posts: 1762
Reputation: 25
31 / Male / Flag
Joined: Jan 2008
RE: Password Reset Bug.
It wouldn't be bad to have a custom security question plus username :)
[Image: Empty.png]
11-23-2009 04:22 PM
Profile PM Web Find Quote Report
Mnjul
forum super mod
******

Avatar
plz wub me

Posts: 5396
Reputation: 58
– / Other / Flag
Joined: Nov 2002
Status: Away
RE: Password Reset Bug.
Why not asking for both username and e-mail address, and only send the reset e-mail only when the input e-mail address matches that in the database for the username?

This post was edited on 11-23-2009 at 04:59 PM by Mnjul.
11-23-2009 04:59 PM
Profile PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: Password Reset Bug.
quote:
Originally posted by blessedguy
custom security question
No. Whoever invented security questions should be shot.

quote:
Originally posted by person who should be shot
Hey, if you forgot your password you could just access your account with a second password which is easier to guess or socially engineer.

I always randomly hit my keyboard if a service requires you set up a secret question/answer. If the ever make me answer the question the service wasn't worth using in the first place.
Finish the problem
Menthix.net | Contact Me
11-23-2009 06:29 PM
Profile E-Mail PM Web Find Quote Report
toddy
Veteran Member
*****

Avatar
kcus uoy

Posts: 2573
Reputation: 49
– / Male / Flag
Joined: Jun 2004
RE: Password Reset Bug.
its a good thing tbh, help you to remember all your accounts (a)
11-23-2009 07:30 PM
Profile PM Find Quote Report
Lou
Veteran Member
*****

Avatar

Posts: 2475
Reputation: 43
– / Male / Flag
Joined: Aug 2004
RE: Password Reset Bug.
quote:
Originally posted by WDZ
quote:
Originally posted by matty
Its a crappy system and sends emails to all accounts registered under that email.
Because it doesn't know which account you forgot the password for. :p

If the form only asked for a username, someone could send me a password reset email without even knowing the address I registered with, which is kinda dodgy. And if it came up with a list of usernames associated with an email address, that would be a privacy issue because there's currently no other way to search for members by email address. :p
You could very easily have a "click this link to set a new password" link if they just input the username. Thus, if you get it, and it wasn't you, you can click the report link, or do nothing at all. :undecided: I don't think entering a username is such a bad idea.
[Image: msghelp.net.png]
The future holds bright things in it\\\'s path, but only time will tell what they are and where they come from.
Messenger Stuff Forums
11-23-2009 07:33 PM
Profile PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: Password Reset Bug.
I'm surprised you are allowing multiple accounts on a single emailaddress anyway :o.
Finish the problem
Menthix.net | Contact Me
11-23-2009 08:47 PM
Profile E-Mail PM Web Find Quote Report
toddy
Veteran Member
*****

Avatar
kcus uoy

Posts: 2573
Reputation: 49
– / Male / Flag
Joined: Jun 2004
RE: Password Reset Bug.
quote:
Originally posted by Menthix
I'm surprised you are allowing multiple accounts on a single emailaddress anyway :o.
there is nothing in the rules saying u can't have multiple accounts
11-23-2009 08:51 PM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On