Deleting the account prevents collateral damage from using the same password in multiple places. Locking wouldn't solve it, but he could have changed his password to something he doesn't use anywhere else when he abandoned the account. Though, I have to admit, I probably wouldn't think of that (but I never delete accounts on places I don't go anymore, either.) | [reply] |
That's solved by clearing the account's password field when locking it. The absence of a password could even be the flag that indicates an account is locked.
| [reply] |
Using the same password for all your online accounts is like using the same key for your house, car, office, bank deposit box, mail box, bike lock, etc, etc, etc and then leaving a copy of the key with every manager of every service and letting unknown third parties by the dozen tool the copies for you. No one in their right mind would consider doing that. I wish people would take a little more conscientious responsibility for their online lives too.
That said, I agree that deleting/locking is a good idea and of course it's quite sad that a place like this where everyone actually does know better was still keeping clear passwords at all. I'm not personally particularly worried about it because I have different passwords for every one of 100+ sites I have accounts. Anyone who doesn’t is inviting disaster. Some hackers don't announce their hacks. Some sites don't report, or even necessarily ever know about, security breaches.
| [reply] |
No one in their right mind would consider doing that. I wish people would take a little more conscientious responsibility for their online lives too.
In a perfect world everyone would do as you suggest. In an even more perfect world those 100+ passwords would be changed periodically. However, you will be fighting human nature every step of the way. The vast majority of people will not track and manage anywhere near 100 passwords.
I was once involved in a study of user habits. Not only were passwords extensively reused, but most were derived from:
- date or year of birth
- child/spouse/pet name
- organization/department/profession/job title
While I agree with your sentiments and applaud your diligence, short of threatening extreme bodily harm, getting most users to practice good password management is probably a lost cause, even among those who should know better.
btw: s/hackers/crackers/
| [reply] |
If the 'gods' don't want to delete accounts, then make it such that a 'defunct' account doesn't have a password any more. And for accounts without a password, make it so that they can't log in. That's at least better than what there is now.
Also, for 'defunct' accounts, wipe out all the user information (e.g., email address) so that it can't be compromised either. | [reply] |
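The locking scheme proposed in the replies above (no stored password means the account is locked and cannot log in, and its personal data is wiped), as an added sketch that is not part of the thread or the site's own code. The `Account` record, the function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    name: str
    email: Optional[str]
    salt: Optional[bytes]
    pw_hash: Optional[bytes]  # None is the "locked" flag: no password exists


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash, so a leaked table does not expose reusable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_account(name: str, email: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(name, email, salt, _derive(password, salt))


def lock_account(acct: Account) -> None:
    # Clear the credential and the personal data: nothing left to leak.
    acct.salt = None
    acct.pw_hash = None
    acct.email = None


def is_locked(acct: Account) -> bool:
    return acct.pw_hash is None


def authenticate(acct: Account, password: str) -> bool:
    # Reject locked accounts before any comparison. Without this check an
    # empty stored value could end up "matching" an empty submitted one.
    if is_locked(acct) or not password:
        return False
    return hmac.compare_digest(_derive(password, acct.salt), acct.pw_hash)


if __name__ == "__main__":
    monk = create_account("old_monk", "monk@example.invalid", "correct horse")  # constructed sample
    print(authenticate(monk, "correct horse"))   # before locking
    lock_account(monk)
    print(authenticate(monk, "correct horse"), authenticate(monk, ""))  # after locking
```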