in reply to Re: Requiring old password in order to change your password
in thread Requiring old password in order to change your password
I wasn't planning on implementing the annoying multiple "What was the mascot of the first car where your favorite pet's maiden name's favorite sport first met their favorite superhero?" questions.
This is a programming site so we may be able to go with some more high-tech solutions. For example, let you paste a public key to store in your account so you can save your private key whatever places you like with as strong or weak of a pass-phrase as you like and get access to change your password by correctly signing a random challenge message. Though, I'm disappointed at how non-obvious it is which commands to use to sign a message with a private key. So that might not be viable enough, sadly.[1]
[1] I'd love to set up a virtual machine with sshd running on it. The "I forgot my password" page would prep the machine for your account and give you its current IP address and port number. Just log in to that machine with your user_id as login name using your private key and you'd be prompted to enter your new password. When it comes to things that you can do with a private key, using ssh seems the most widely and easily accessible. :)
I'd also really like to be able to have two e-mails. I've many times experienced losing access to an e-mail account suddenly and unexpectedly (changing jobs is the most common example but I've also had my private e-mail service provider just go out of business suddenly and unexpectedly) or just didn't realize that I was using that old e-mail address. Having a second e-mail address registered greatly reduces the risk of me ending up with no accessible e-mail address when I realize that I need it.
There are two competing concerns about these backups to your account password: 1) Making it possible to get back into your account despite you having forgotten your password (the "experts" tell you to not write it down, after all) and having lost access to other items (and not requiring human administrator intervention), 2) Keeping it hard for somebody to steal your account from you and also possible for you to steal it back.
For example, (2) inspired somebody to suggest that you should be required to enter your (old) password to be able to change your e-mail address. But I think that thwarts a too-common case of (1) (at least for now). Instead, I'd like changing the e-mail to trigger an e-mail to the old address that includes a URL that can be used to regain control of the account for a limited span of time. But that presents a problem after somebody has hijacked your account and changed the e-mail address when you try to regain control and change the e-mail back.
- tye
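The "sign a random challenge to get to change your password" idea above, written out as an added example (not code from the post or from PerlMonks) in Go using Ed25519 from the standard library: the server keeps the public key the user pasted into their account, hands out a random nonce with an expiry, and lets the password be changed only when the signature over that nonce verifies. The purpose tag in the signed message, the user-id binding, the TTL and the single-use flag are assumptions added so a captured signature cannot be replayed later or against another account.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

// Challenge is a random nonce bound to one account, with a deadline and a used flag.
type Challenge struct {
	UserID  string
	Nonce   []byte
	Expires time.Time
	Used    bool
}

// NewChallenge issues a fresh 32-byte random nonce that the account holder must sign.
func NewChallenge(userID string, ttl time.Duration, now time.Time) (*Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Challenge{UserID: userID, Nonce: nonce, Expires: now.Add(ttl)}, nil
}

// Message prefixes a purpose tag and the user id (assumed format), so a signature
// made for a reset cannot be reused as some other message or against another account.
func (c *Challenge) Message() []byte {
	return []byte("pm-password-reset:" + c.UserID + ":" + hex.EncodeToString(c.Nonce))
}

// Verify is the server side: accept only a signature over a live, unused challenge for
// userID that validates under the public key stored for that account, then consume the
// challenge so the same signature cannot be presented twice.
func Verify(userID string, stored ed25519.PublicKey, c *Challenge, sig []byte, now time.Time) error {
	switch {
	case c.UserID != userID:
		return errors.New("challenge not issued for this account")
	case c.Used:
		return errors.New("challenge already used")
	case now.After(c.Expires):
		return errors.New("challenge expired")
	case !ed25519.Verify(stored, c.Message(), sig):
		return errors.New("signature does not verify under registered key")
	}
	c.Used = true
	return nil
}
```

The client half is just `ed25519.Sign(priv, c.Message())` over the nonce the reset page displays; the user would do that with whatever tool holds their key, which is exactly the "which command do I use" gap the post complains about.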
Replies are listed 'Best First'.
Re^3: Requiring old password in order to change your password by ambrus (Abbot) on Jan 02, 2011 at 11:24 UTC
Re^3: Requiring old password in order to change your password by Xilman (Hermit) on Jan 02, 2011 at 22:03 UTC