잃어버린 사용자 이름이나 잃어버린 암호를 검색할 수 있는 새 기능을 배포했습니다. 잃어버린 계정 암호를 재설정하려면 사용자 이름과 결제 또는 송장 ID(매월 수신하는 이메일 또는 가입 중에 있음)가 필요합니다. 이 작업이 활성화될 때까지 계정이 작동하지 않습니다.
이메일 주소가 더 이상 유효하지 않은 경우 firstname.lastname@example.org로 이메일 주세요
당신에게 어떤 제안이 있는 경우 알려주세요.
Not wanting to change my password, I didn’t try this, but what does it mean to “reset a lost account password”? After entering the necessary information, is one able to then set a new password or is a random one generated and emailed to the address on the account?
Only suggestion I would have is an option to either disable this feature for my account or have the emails containing both the invoice ID’s and (if used) newly generated passwords encrypted to a PGP public key that we could upload.
This is pretty funny timing since if you look at IRC logs on Nov 11 (5 days ago), I could be seen saying this:
15:12 < tierra|w> I’m actually happy caker doesn’t have a scripted option for if you forget your password…for something as serious as this, that’s one less option open for someone to get access to my account
But yes, I have to agree with zibeli2 on this one.
[quote:269e827244=”caker”]I’ve deploy a new feature that enables you to retrieve a lost username or lost password. To reset a lost account password, you’ll need the username and any payment or invoice ID (which are located on the emails you receive each month or during signup). This will NOT work for accounts until they are activated…
Let me know if you have any suggestions.[/quote]
The ability to disable this feature would be nice. My payments, invoices, etc., get mailed to my email account.. which is on my linode. If I couldn’t access my linode this wouldn’t work anyway, if I could access my linode I probably wouldn’t need it. But the larger issue is that it removes the ‘safety’ net I have on my linode, in that if my linode is compromised I can just use the control panel to recover (new partition and installation, single-user mode, etc). Having my server means you’ll have my email, and with the ‘auto-recovery’ via email information, that’d mean you have my linode account as well.
Just my “suggestion” 🙂 I know you can’t always make everyone happy.
I’d HIGHLY suggest you set your contact email to something OTHER than your linode … that seems kinda a bad idea in general.
[quote:6b38262fc8=”Jay”]I’d HIGHLY suggest you set your contact email to something OTHER than your linode … that seems kinda a bad idea in general.[/quote]
i know. i know. 😕 all of the contact information for various domains need to point somewhere beside the domain itself.. and they shouldn’t be pointing to other accounts on the same mail server (or dns) as the orginal domain. likewise my linode, which host my domain, needs to have it’s contact information pointing somewhere else.. like my gmail account. and my gmail account can’t have it’s secondary email account (for lost passwords) pointing back to the orginal domain, so the backup to my gmail account (where all domain, hosting, etc. information needs to go) needs another email account incase i lose the password to it. it’d probably be safe not to have a backup account to the third email account, because in order for me to lose the gmail account i’d have to forget it’s password and forget the backup email account’s password (assuming that any of these services don’t have any problems with lost mail, disabled accounts, hacked accounts, etc).. and of course i can’t setup mail forwarding or fetchmail on any of them to point back to the first account (my domain) or the whole thing is pointless, so i’ll need to check the other email accounts often.
…. i know. i know. 😕 i shouldn’t be using the same account, i’ve just been avoiding the issue. But thanks for harassing me, it’ll serve as the motivation i’ve been needing to actually do something about this.