Hi site owners,
I wanted to just mention that it is odd that account owners are not asked to provide an answer to a secret question from a list of questions. And, or provide a secret passphrase that only the original account owner could know. Who is this secret for? For the Admins to use to ask, in the event an account owner lost the PW, or an e-mail issue came up, and otherwise act as another form of proof of who we are.
In the unlikely event someone, say, has a fatal HD crash and tosses the dead HD, real life, or somehow otherwise forgets the password, they then need to make a new account to contact one of the admins to ask for help. And, if for any reason the person asking for help cannot provide proof of who they are... Then in effect the admins here trying to avoid social engineering may have just helped it along, without meaning to of course.
Also you provide no means to contact via an online form page, or an e-mail contact without the need to create an account. This also has the side effect of allowing social engineering to take place. Again without meaning this to happen.
Because say I did prove who I was, and access to my old account was granted, you now have my old account along with the new one just to ask for help.
I do know that no one means to ID a person online can't be expected to be reasonable, in the case that old equipment is sold, or tossed and or no longer used. And, or someone simply forgets a password and can't recall it for any reasons.
I would like to see that a better method to help avoid needless accounts being made, if adding one or two extra steps in an account sign up process can better avoid those issues. It may not be perfect also, but it is sure better than what is currently in use.
FireDart
PS:
Just trying to help, and provide reasonable solutions to a possible problem. People deserve more than one means to ID who they are, and depending on information that can change on our end is NOT the best option. It is possible to make the secret information a one time enter then it locks to our access, and can even require a different password to lock and unlock it, in case it needs to be updated by the account owner.
Maybe this is just a simple select the feature behind the scenes and turning it on, and or it requires some extra code. In either event, the idea of expecting people to be able to ID themselves based on one method only of ID online is silly. Add that extra level of ID, and provide people the chance to better ID themselves in case the current method used is not the most effective.
Just an idea... Better personal ID to Avoid
Lost passwords are sent to the email account that created the forum account. Though not perfectly secure, the admins probably have a good list of other things to do first that would help us a lot more. TBH, I'm not totally sure how easy this would be, Thalgor has forbidden any mods to the forum.
TB
FireDart wrote (Feb 18 2008, 10:12 AM): "In the unlikely event someone, say, has a fatal HD crash and tosses the dead HD, real life, or somehow otherwise forgets the password, they then need to make a new account to contact one of the admins to ask for help."
If your HD crashed fatally, your email address is still good and valid. An admin would simply reset your password and email the new one to the email address on file for the callsign in question.
FireDart wrote (Feb 18 2008, 10:12 AM): "Also you provide no means to contact via an online form page, or an e-mail contact without the need to create an account. This also has the side effect of allowing social engineering to take place. Again without meaning this to happen."
All of the ZLs have a @FreeAllegiance.org email address under the names of our primary callsigns. You can email me without creating a new forum or ASGS account and your password will be reset.
FireDart wrote (Feb 18 2008, 10:12 AM): "I would like to see that a better method to help avoid needless accounts being made, if adding one or two extra steps in an account sign up process can better avoid those issues. It may not be perfect also, but it is sure better than what is currently in use."
There is no shortage of accounts in either ASGS or our forums. Creating new ones does not cause any harm and is indeed not necessary if all that has happened is you have forgotten your password. You do need a forum account, however, if you need to post or read the Helpline.
FireDart wrote (Feb 18 2008, 10:12 AM): "Just trying to help, and provide reasonable solutions to a possible problem. People deserve more than one means to ID who they are, and depending on information that can change on our end is NOT the best option. It is possible to make the secret information a one time enter then it locks to our access, and can even require a different password to lock and unlock it, in case it needs to be updated by the account owner.
Maybe this is just a simple select the feature behind the scenes and turning it on, and or it requires some extra code. In either event, the idea of expecting people to be able to ID themselves based on one method only of ID online is silly. Add that extra level of ID, and provide people the chance to better ID themselves in case the current method used is not the most effective."
These suggestions do not solve the "problem", only offset it. What happens if you forget that 2nd password? Or that 2nd ID? Okay so make a 3rd to protect the 2nd. But what if you forget the 3rd?
There are currently two ways of confirming your identity to an admin, and the 2nd method has only been used twice ever (to my knowledge). Basically it comes down to this:
If you forget your ASGS password, a new one will be emailed to the address used to create your callsign. If you're about to counter this with the following argument..."But what if that email address has been compromised! Someone could then be reading it to obtain the new password! Also, emails aren't sent encrypted so someone COULD sniff it within my school/work/apartment's network!!"
then... if someone is reading your email then you have much bigger problems than your ASGS callsign. This is a videogame. Go deal with your bank/investment/paypal/credit card accounts first - they're far more important.
--TE
Thank you, TE.
"if someone is reading your email then you have much bigger problems than your ASGS callsign. This is a videogame. Go deal with your bank/investment/paypal/credit card accounts first - they're far more important."
You assume that I am arguing, I am not. Also you assume I am saying or going to claim someone is reading my information. Well, you assumed wrong.
Actually TE, this is what I would have replied with next, if you had replied to me on my other account...
OK, was easier to say my HD died on me instead of talk about this... It is not the most easy of things to talk about for me.
At the time when I was using KiteGeek, I was also trying to resolve this chronic pain issue I have in my left SI Joint. No treatments to that point worked, so my Dr's placed me on one antidepressant, and when that one failed to bring relief to the chronic pain, we tried another one. You might think I was depressed, as pain can do that to people, it has not so far done this to me. However, even as I told my Dr's things are not working, and that my thoughts that we did not want started to come up. They would change to a different antidepressant, of course only one at a time. It would take about 6 months for this, and about five different types of antidepressants. Then something happened that took all of my Dr's, and me by surprise, and it left me in an accidentally medically induced bipolar episode, where I ended up over 90 miles from home lived outdoors for two days and two nights, lastly with myself in the hospital until stable.
Well some days before I broke, I came online and changed all of my passwords to all of my online accounts, and I changed the email as well to most of them. And had not accessed things for a while. After getting home a few days later got a newer computer, and thus formatted my new HD and am not sure if I am using it, or if it is being used in my wife's computer. Things are a little blurry at that time for me.
When I created my other account I was also using a new browser to me, that saved my PW information. Well guess what? I was tweaking my Opera Browser and deleted the file that contained that information. Also, I was still being heavily medicated that caused me to forget my own name, let alone things online, and writing things down was not something I did then. Thankfully, I am off of all of those medicines at this time, and I have recovered.
You can look up Opera and see that this browser's saved PW information can't be viewed again other than the website it connects to... Not the actual password, like you can do in Firefox. Well I recovered that file and was able to get back on in that account. That was when I decided to ask for your help, as that was also the time I realized Opera does not allow me the ability to see that information again. It was much easier to explain a dead HD than it is the above medical condition, as I feel a lot of shame from it.
As I had explained (in PM's) the email account was deleted due to inactivity, well now you know why. I could not get it recovered. I also provided you (PM) an email that no-one here knew about that was the original one used for the KiteGeek account, unless other people can see those, you are the only one to know that email account. Sadly it is no longer active, I had used it since 2002.
At no time have I mentioned packet sniffing issues, and or other means to hack into email or other online accounts. And, I agree with you, that if people have those types of issues, then an online game account is the least of someone's worries.
As for my forgetting the information about my accounts, well I can't at this point recall it, and or provide any other means to prove who I am. I mean Mort of SRM is the only other person I can say can 100% confirm I am Kite (KiteGeek), as we communicated on Gmail, also deleted for the same issues noted above. He provided me with information he would know was sent to me by him. However, I don't think Mort's confirmation would be accepted. I don't even know if Mort is online any more, and or reachable. As when the Gmail account was deleted I lost his contact information. And, no I had thought of writing it down, as I never expected my mental capabilities to be so compromised that I would spend so much time away from access to those accounts, resulting in them being deleted, forgotten, and or not written down.
I did attempt to see if I could contact Thal, not to complain. Rather I wanted to mention something he would know we talked about in a PM a while ago. When BV was kind enough to explain you are the man, when it comes to running the boards. I told him thanks for that information, and waited for your reply.
But, that is all beside the point, I just wanted to say that it's cool between us, and I am fine starting anew.
I was just offering some site feedback and nothing more. As rare as it has been for this board to confront this issue, you mention that it has been twice this issue has come up... Well, it might be a one time issue a medical issue got involved. One that is a bit hard to explain, and even harder to understand when it's being done online... It is not the type of topic that pops up as often as say a dead HD, and or forgotten PW, just because I am a dork.
As for your kind concern about my online financial accounts, no need to worry about those.
I admit I missed the email contact information, and thank you for stating that for me. As well for the other information you posted.
One last thing, I am glad to see that you're doing better after having the flu.
Thanks TE, for the reply.
Z Geek of Kites,
KiteGeek
Last edited by FireDart on Tue Feb 19, 2008 4:01 pm, edited 1 time in total.
Malicious Wraith
Whoa. I don't think I have had that much fun reading a post for a long time.
Good recounting of your episode. It really had me interested.
Malicious Wraith
.
Last edited by Malicious Wraith on Wed Feb 27, 2008 9:16 pm, edited 1 time in total.