Re^2: Email security for monks?

The proposal was to not allow you to change your e-mail address unless you can enter your old (current) e-mail correctly; making your e-mail address a bit like a second password.

A problem with this is that it needs to address the unlikely situation of someone not remembering what their old e-mail address was. Or, more likely, when someone enters their e-mail address incorrectly and doesn't notice and so can never change their e-mail address again.

This is the same reason why I haven't made it so you have to enter your old password in order to change your password.

Perhaps you should be required to enter at least two of your password, e-mail address, and "real name" in order to be able to change (or see) any of them?

And it'd be nice if we had a solution for the "I forgot my password and I no longer have that e-mail address" problem.

At least we no longer output the password in the HTML when you edit your home node.

- tye

Comment on Re^2: Email security for monks?

Replies are listed 'Best First'.
Re^3: Email security for monks? by jepri (Parson) on Oct 04, 2004 at 14:36 UTC
I would like to see an option for users to upload their public PGP/GPG key. It's the sort of situation that public key crypto was designed for - I can give every site my public key, and it can't be 'stolen'. Fair enough that moves the problem from "I forgot my password" to "I lost my private key", but people tend to take more care of their private key. (I'm sure you know this, I'm just going for a bit of an expository ramble here :) e.g. I really wish I had of uploaded my public key to perlmonk.org since I've changed my password and forgot to note it down in my top secret "net passwords" file. Now I've gotta do exactly what the top poster said - convince jcwren that I'm not some yahoo trying to hijack an account. And as for the forgetting the email address problem - it does happen. I've been on the web long enough that I have accounts on servers where the email address is now invalid due to me moving ISPs - perlmonks is one of those (I'd better go fix it now). ___________________ Jeremy I didn't believe in evil until I dated it.	[reply]
Re^4: Email security for monks? by opqdonut (Acolyte) on Oct 05, 2004 at 19:04 UTC
What a good idea! I wonder if asymmetric key authentication could be implemented on perlmonks and other sites like slashdot so I wouldn't have to care about passwords. I've always thought that rsa (or PGP) key authentication is the way to go, passwords are such a bother :) J	[reply]