Afrodude, posted October 29, 2023 (edited October 29, 2023 by Afrodude):
I have noticed that the IPS system is missing very important information and an option whenever you set the Standard login "Authentication Type" to "Email Address" only. There's no option in case a member forgot his email address, and this is a very important point, especially as IPS will be removing Display name login in v5. But still this option is needed in v4 whenever the community is set to email address only to login. Perhaps force members to add security questions / answers in order to view their email address.
Randy Calvert, posted October 29, 2023:
That would seem to be what the Contact Us link would be good for. 🙂 If they don’t remember or have access to email, that would be a problem regardless of display name vs email. In general, because a user would be using it more often to login… they would be less likely to forget or.
Afrodude (author), posted October 29, 2023:
@Randy Calvert Yes, exactly. However, I usually check that email to see who has submitted anything using the "contact us" link. For members who have forgotten their email address, I also provide an alternative way that involves making a new account and sending a private message to a staff member so they can verify their claim. However, this method is more involved and requires more time. Nevertheless, to make things go more quickly and smoothly, an automated system is required.
Randy Calvert, posted October 29, 2023 (edited October 29, 2023 by Randy Calvert):
I guess I’m lost as to what could be done here… If someone forgets their email, what is there that could be automated for recovery in a safe/secure fashion?
When someone creates an account, there is a display name, an email address and a password that is collected. If someone does not remember their email address, what good is it to send an email to that address for them to verify? It’s most likely an old address they don’t remember using or would know to check or even potentially have access to. They would have already tried the address they know and most commonly used in the original attempts.
And if you create a system to say my display name is X and here’s the email address we have for it… you negate the entire reason for having the display name be different than the login method. (It would also potentially be able to be exploited to extract email addresses for attackers or spammers.)
And if you have them create a new account, how do you prevent someone from abusing it to steal another account? I create a new account and claim that I’m really the long term member! Now you have an unhappy user who has lost control of their account and someone else using it. There is nothing that is automated that could stop someone from stealing an account if they can’t verify the info provided at registration. They might be able to prove it to a human based on looking at things like past IP/location info, writing style, etc… but IP and geo are not good tools to use in an automated fashion.
But regardless… my guess is this would be most likely better in the feedback forum as there is not any sort of functionality to automate the process today.
Afrodude (author), posted October 29, 2023:
33 minutes ago, Randy Calvert said: "If someone forgets their email, what is there that could be automated for recovery in a safe/secure fashion?"
Although I've addressed one in my first post, I'll go over the other possibilities. Add a phone number as a recovery. Add a recovery email address. Add security questions / answers.
43 minutes ago, Randy Calvert said: "I create a new account and claim that I’m really the long term member! Now you have an unhappy user who has lost control of their account and someone else using it. There is nothing that is automated that could stop someone from stealing an account if they can’t verify the info provided at registration. They might be able to prove it to a human based on looking at things like past IP/location info, writing style, etc… but IP and geo are not good tools to use in an automated fashion."
This is why I said in many situations this method is more involved and requires more time.
45 minutes ago, Randy Calvert said: "But regardless… my guess is this would be most likely better in the feedback forum as there is not any sort of functionality to automate the process today."
You may be correct, however on the majority of forums these days, IPS prohibits inactive clients from starting new threads or leaving comments.
Marc, posted October 30, 2023:
This isn't really something new. This would indeed be what the contact form would be for. The same issue would apply regardless of us removing display name login.
Afrodude (author), posted November 2, 2023 (edited November 2, 2023 by Afrodude):
@Marc Stridgen I understand that this is the only option to do so, but as with most platforms such as Facebook, Google, and Microsoft, you don't use contact us to restore your account email address. Moreover, consider how much time the staff members who are monitoring and confirming claims made by users that they are the owner of the account would save when you have an automated system in place to do so.
Marc, posted November 3, 2023:
Please feel free to post this up as a suggestion within our feedback area.
Randy Calvert, posted November 3, 2023:
Marc, he can’t because he does not have an active license. I think this topic will need moved.
Marc, posted November 3, 2023:
8 minutes ago, Randy Calvert said: "Marc, he can’t because he does not have an active license. I think this topic will need moved."
Sorry, you are quite right. I hadn't noticed that there.