我已经部署了一个新功能，使你能够找回丢失的用户名或密码。 要重置丢失的账户密码，你需要用户名和任何付款或发票ID（位于你每月收到的电子邮件或在注册时）。 在账户被激活之前，这对账户不起作用...
Not wanting to change my password, I didn’t try this, but what does it mean to “reset a lost account password”? After entering the necessary information, is one able to then set a new password or is a random one generated and emailed to the address on the account?
Only suggestion I would have is an option to either disable this feature for my account or have the emails containing both the invoice ID’s and (if used) newly generated passwords encrypted to a PGP public key that we could upload.
This is pretty funny timing since if you look at IRC logs on Nov 11 (5 days ago), I could be seen saying this:
15:12 < tierra|w> I’m actually happy caker doesn’t have a scripted option for if you forget your password…for something as serious as this, that’s one less option open for someone to get access to my account
But yes, I have to agree with zibeli2 on this one.
[quote:269e827244=”caker”]I’ve deploy a new feature that enables you to retrieve a lost username or lost password. To reset a lost account password, you’ll need the username and any payment or invoice ID (which are located on the emails you receive each month or during signup). This will NOT work for accounts until they are activated…
Let me know if you have any suggestions.[/quote]
The ability to disable this feature would be nice. My payments, invoices, etc., get mailed to my email account.. which is on my linode. If I couldn’t access my linode this wouldn’t work anyway, if I could access my linode I probably wouldn’t need it. But the larger issue is that it removes the ‘safety’ net I have on my linode, in that if my linode is compromised I can just use the control panel to recover (new partition and installation, single-user mode, etc). Having my server means you’ll have my email, and with the ‘auto-recovery’ via email information, that’d mean you have my linode account as well.
Just my “suggestion” 🙂 I know you can’t always make everyone happy.
I’d HIGHLY suggest you set your contact email to something OTHER than your linode … that seems kinda a bad idea in general.
[quote:6b38262fc8=”Jay”]I’d HIGHLY suggest you set your contact email to something OTHER than your linode … that seems kinda a bad idea in general.[/quote]
i know. i know. 😕 all of the contact information for various domains need to point somewhere beside the domain itself.. and they shouldn’t be pointing to other accounts on the same mail server (or dns) as the orginal domain. likewise my linode, which host my domain, needs to have it’s contact information pointing somewhere else.. like my gmail account. and my gmail account can’t have it’s secondary email account (for lost passwords) pointing back to the orginal domain, so the backup to my gmail account (where all domain, hosting, etc. information needs to go) needs another email account incase i lose the password to it. it’d probably be safe not to have a backup account to the third email account, because in order for me to lose the gmail account i’d have to forget it’s password and forget the backup email account’s password (assuming that any of these services don’t have any problems with lost mail, disabled accounts, hacked accounts, etc).. and of course i can’t setup mail forwarding or fetchmail on any of them to point back to the first account (my domain) or the whole thing is pointless, so i’ll need to check the other email accounts often.
…. i know. i know. 😕 i shouldn’t be using the same account, i’ve just been avoiding the issue. But thanks for harassing me, it’ll serve as the motivation i’ve been needing to actually do something about this.