Conquer Club

Fix 'Change E-mail' in My Settings

Suggestions that have been archived.

Moderator: Community Team

Postby AndyDufresne on Mon Jan 07, 2008 11:23 pm

Suggestion Idea: Change where the activation link of the e-mail is sent

Specifics: Change where the activation link of the e-mail is sent, so it goes to the original e-mail address as opposed to the new one.

Why it is needed: As it is right now, if someone happened to get on your account they could essentially 'steal' it by changing your password and changing the e-mail (so you can't use 'Forgot Password' and get the password they changed it to). They can do this because when you try to change an e-mail, it sends out an activation link to the *NEW* e-mail address, which the 'thief' has access to. If the activation link was sent to the *ORIGINAL* e-mail address, this would cause the person to also have to get into your e-mail account to change the e-mail in the My Settings page, an added wrinkle of protection.

This essentially makes it so if your account does get 'stolen', you have a better chance at easily getting it back, since you can 'Forgot Password' and get the new password sent to the e-mail.


--Andy
User avatar
Corporal 1st Class AndyDufresne
 
Posts: 24935
Joined: Fri Mar 03, 2006 8:22 pm
Location: A Banana Palm in Zihuatanejo

Postby lackattack on Mon Jan 07, 2008 11:47 pm

You make a good point. However, the problem with sending an activation link to the old account is that sometimes people are changing their email because the old account no longer exists :-s
User avatar
Corporal 1st Class lackattack
 
Posts: 6097
Joined: Sun Jan 01, 2006 10:34 pm
Location: Montreal, QC

Postby AndyDufresne on Tue Jan 08, 2008 12:56 am

I was talking with Twill earlier, and he mentioned that perhaps you could set it to:

"If bounce (sent to the old e-mail and it is no longer working) then send to the new e-mail."

This would solve that problem...and the fix would still relatively protect people from account stealing.


--Andy

Postby lackattack on Tue Jan 08, 2008 9:37 am

I don't know how to do the "if bounce" part :(

Postby cena-rules on Tue Jan 08, 2008 11:56 am

or why not have change e-mail

old e-mail
new e-mail
confirm new e-mail


so it has to be written in.

This prevents hackers on the site

for family like benjikat ummmmmmm :?
User avatar
Lieutenant cena-rules
 
Posts: 9740
Joined: Sat Apr 28, 2007 2:27 am
Location: Chat

Postby jennifermarie on Tue Jan 08, 2008 11:57 am

good idea...a lot easier to program too probably...
User avatar
Private 1st Class jennifermarie
 
Posts: 1316
Joined: Wed Mar 07, 2007 8:07 pm
Location: Indiana, USA

Postby lackattack on Tue Jan 08, 2008 12:59 pm

That won't help - a hijacker can figure out your current email address and type it in. We do need to show people their current email address in case they aren't sure / forget.

Postby lackattack on Tue Jan 08, 2008 1:02 pm

The new email address must get an activation link too cuz I want everyone to have a valid email. What I could do is send a notice to the old email so at least you'll know someone is messing with you. But you'd find out anyways once the hijacker changes your password.

Postby wicked on Tue Jan 08, 2008 1:04 pm

Could you set a security question before making account changes?
User avatar
Major wicked
 
Posts: 15787
Joined: Thu Jan 26, 2006 1:23 pm

Postby Coleman on Tue Jan 08, 2008 1:05 pm

It seems that besides cena only moderation is interested in this? :lol:

Oh well, I have nothing useful to say except that this could probably be moved to a moderation only forum for more feedback if it is needed.

Edit: Nevermind, all the mods are finding it just fine where it is.
Warning: You may be reading a really old topic.
User avatar
Sergeant Coleman
 
Posts: 5402
Joined: Tue Jan 02, 2007 10:36 pm
Location: Midwest

Postby AndyDufresne on Tue Jan 08, 2008 4:58 pm

It's a public suggestion, hence the reason it's here. :)

But perhaps as wicked suggested, a security question? But then you get people forgetting that...and then wanting the answer sent to the e-mail...

It's a cycle! :)


--Andy

Postby wicked on Tue Jan 08, 2008 5:09 pm

Make it so the user decides their own question. I hate the places where you can only use their questions, like my bank, who asks the name of my elementary school. Hello, I went to five different ones! :lol:

Postby cena-rules on Tue Jan 08, 2008 6:03 pm

I like that idea.

Why am I the only non-mod interested in this

Postby AndyDufresne on Tue Jan 08, 2008 6:06 pm

It isn't a flashy, sexy suggestion...that is perhaps the reason. :)


--Andy

Postby wicked on Tue Jan 08, 2008 6:16 pm

AndyDufresne wrote:It isn't a flashy, sexy suggestion


:lol: You've been hanging around lack too much!

Postby mrdexter on Tue Jan 08, 2008 6:39 pm

I agree with wicked about the security question, because everyone who knows me IRL would know those answers, so I always hit a random bunch of keys, hence no security.

Much better to write your own.

Although a mail to the old address advising of the change and advising that if it was not you that requested the change you should mail support@ and an enforced period before the password can also be changed.
Positive: Great guy, will always play to his best. Honourable and fun to play with as well. You know you're in for a rough time playing mrdexter :) Game 31384 Haydena
Positive: Mr D is the golden child of CC, if we had to elect a king he'd get my vote! Game 76700 silus
User avatar
Sergeant 1st Class mrdexter
 
Posts: 212
Joined: Sun Mar 19, 2006 6:21 am
Location: England

Postby lackattack on Tue Jan 08, 2008 7:21 pm

I don't want to force everyone to enter a security challenge question/answer.

Postby mrdexter on Tue Jan 08, 2008 7:26 pm

ok so the second part of my above post then. When you change email it fires a mail to the old address too with a contact for if you didn't request this. Also when the email address has been changed force a wait of 48 hours or whatever before a password change can be made and vice versa.

Postby wicked on Tue Jan 08, 2008 7:28 pm

lackattack wrote:I don't want to force everyone to enter a security challenge question/answer.


Make it optional? I personally wouldn't use it.

Postby Russianfire8371 on Tue Jan 08, 2008 7:36 pm

lackattack wrote:The new email address must get an activation link too cuz I want everyone to have a valid email. What I could do is send a notice to the old email so at least you'll know someone is messing with you. But you'd find out anyways once the hijacker changes your password.


You could send the message with the new password and/or the new e-mail that it was changed to. The new one should be activated, but the old e-mail could have a link that would deactivate the new e-mail and change the password to something random that would be e-mailed to your old account.

Example:

Bill started playing and signed up using billy@bob.jo with the password "imahippopotumous". He plays and all of a sudden he can't sign in. He checks his e-mail and sees that his e-mail was changed to Laughs@yourmoms.com, his password was changed to "ihackedyou" and underneath those, a statement saying "If this is not your new e-mail or password click the link below". Bill never tampered with anything, so he clicks on the link, which leads him to a page that says that all new e-mail accounts have been deactivated and a new password has been e-mailed to the old account. He checks his e-mail and sees that he has received another e-mail that gives him a randomized password, "IwNtY0".


Also, you could add another link that would be clicked to turn the new e-mail address into the "Current" e-mail address, where the new e-mail would receive the warning e-mails when the password or e-mail changes again.


I hope that makes sense
Corporal Russianfire8371
 
Posts: 847
Joined: Wed Dec 13, 2006 5:47 pm
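
Added example (not part of the thread and not Conquer Club's code): a minimal sketch of the flow proposed in the posts above, with the activation link going to the new address, a notice and a single-use revert link going to the old address, and the 48-hour wait before a password change. The names, the in-memory `outbox` list standing in for the mailer, and the 7-day revert window are assumptions; instead of e-mailing a new password, the revert only restores the old address so the owner can use 'Forgot Password'.

```python
import hashlib, secrets, time

COOLDOWN = 48 * 3600        # wait suggested in the thread before a password change
REVERT_WINDOW = 7 * 86400   # assumption: how long the old address may undo the change

def _digest(token):
    # Store only a hash, so a database leak does not expose usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class Account:
    def __init__(self, email):
        self.email = email
        self.pending = None       # (new_email, token_digest)
        self.revert = None        # (old_email, token_digest, expires_at)
        self.locked_until = 0.0   # password changes are refused before this time

def request_email_change(acct, new_email, outbox):
    """Send the activation link to the new address and a notice to the old one."""
    token = secrets.token_urlsafe(32)
    acct.pending = (new_email, _digest(token))
    outbox.append((new_email, "activate", token))
    outbox.append((acct.email, "notice: e-mail change requested", None))

def activate(acct, token, outbox, now=None):
    """Complete the change; the old address receives a single-use revert link."""
    now = time.time() if now is None else now
    if not acct.pending or not secrets.compare_digest(acct.pending[1], _digest(token)):
        return False
    revert_token = secrets.token_urlsafe(32)
    acct.revert = (acct.email, _digest(revert_token), now + REVERT_WINDOW)
    outbox.append((acct.email, "revert", revert_token))
    acct.email, acct.pending = acct.pending[0], None
    acct.locked_until = now + COOLDOWN
    return True

def revert(acct, token, now=None):
    """Restore the old address if the revert link is valid and unexpired."""
    now = time.time() if now is None else now
    if not acct.revert or now > acct.revert[2]:
        return False
    if not secrets.compare_digest(acct.revert[1], _digest(token)):
        return False
    acct.email, acct.revert, acct.pending = acct.revert[0], None, None
    return True

def may_change_password(acct, now=None):
    """True once the post-change cool-down has elapsed."""
    now = time.time() if now is None else now
    return now >= acct.locked_until
```

A real deployment would also end the account's active sessions when the revert link is used, which this sketch leaves out.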

Postby Twill on Wed Jan 09, 2008 4:13 am

Russianfire, that's an interesting suggestion.

Lack, for the "if bounce" option:

Could you code a unique ID code to the subject line, if you get an email bounced back, check for the ID, log it and send it out to the new address.

How do other sites do it, we can't be the only people with this problem :)

Twill
Retired.
Please don't PM me about forum stuff any more.

Essential forum poster viewing:
Posting, and You! and How to behave on an internet forum...on the internet
User avatar
Corporal 1st Class Twill
 
Posts: 3630
Joined: Fri Jan 20, 2006 10:54 pm

Postby insomniacdude on Wed Jan 09, 2008 5:48 am

cena-rules wrote:I like that idea.

Why am I the only non-mod interested in this


I don't see the need in the suggestion. No matter what system we come up with there's going to be a problem with potential account-hijacking. This system is simple enough that any other changes wouldn't make substantial enough of a change to justify the work, IMO.

But hey, I'm not a staff, and they seem to have their interests piqued, so I guess I'm wrong.
User avatar
Cadet insomniacdude
 
Posts: 634
Joined: Thu Nov 23, 2006 1:14 am

Postby lackattack on Wed Jan 09, 2008 9:21 am

I have to agree with insomniacdude, this isn't worth the effort and complexity.

Postby rebelman on Wed Jan 09, 2008 9:33 am

lackattack wrote:I have to agree with insomniacdude, this isn't worth the effort and complexity.


was thinking along the same lines outside of one high profile instance (benji) this is not really a problem (if it is it hasn't been publicised). I suggest putting it down towards the bottom of the to do list but does not merit any priority.
Don't know why people on here don't like being cooks, remember Under Siege: A former SEAL, now cook, is the only person who can stop a gang of terrorists when they seize control of a US Navy battleship.
User avatar
Private rebelman
 
Posts: 2968
Joined: Thu Aug 02, 2007 5:24 pm
Location: People's Republic of Cork

Postby BENJIKAT IS DEAD on Wed Jan 09, 2008 9:49 am

Seeing as "I" seem to have prompted this!! I may as well respond too.

I do not think it is a problem either, although a simple solution would be to have an optional security question for the paranoid that could be used via the manual e-ticket system. - i.e. could be accessed by a mod manually when requested to reset a hacked account. It would have to be free text for both the question and the answer - although yet again, where family is involved, the answer would be known to most questions anyway.

My case is also very unusual as my wife asked me what I thought the best way of putting the account out of my reach - and this is what I came up with. The account has to be activated into the new email address - in this case I believe that is controlled by my sister-in-law!!

PS nice to know I'm "high profile"!
User avatar
Colonel BENJIKAT IS DEAD
 
Posts: 775
Joined: Sun Jan 06, 2008 9:47 am
Location: Waterloo
