|P is for Practical
Re: Requiring old password in order to change your passwordby Xilman (Hermit)
|on Dec 30, 2010 at 22:48 UTC
Sounds good to me and I'm looking forward to the temporary URL solution
Last year I ran into a problem where not only had I forgotten my password, the on-file email address had evaporated five years previously. I wanted to register for a conference in a series for which I had previously been sponsored by my then employer. Fortunately, the conference organizers had kept my previous registration details and I was able to provide them with enough information that they could check my identity to their satisfaction. The traditional way of doing that, of course, is to provide a secondary key to the account, triggered by the asking of a subsidiary question. The question and its answer are kept on-file by the supplier of the account. Will this mechanism be used here, or are you planning some other solution to guard against email address expiry?
Paul(Minor edits to fix a spelling mistak and remove a superfluous word word)