Comments | howtosupport: GUNK Tutorial - Validation and Password Retrieval

leora in howtosupport

GUNK Tutorial - Validation and Password Retrieval

Dec 15, 2002 18:59

An unvalidated account cannot leave comments. However, it can retrieve its password. In fact, if it doesn't have the email handy, it has to in order to get validated ( Read more... )

Comments 6

emmavescence December 15 2002, 20:07:06 UTC

is this still true for transitioning people? person lists address foo@bar.com, but doesn't validate it. they don't validate any other address, and so they can retrieve their password to foo@bah.com, or if they have the password, they can log in and change the email address to a correct one, and have the validation mail sent to, say, foobar@foobar.com. foo@bar.com will never have been validated, so the password cannot be sent to foo@bar.com until it is validated.

person with foobar@foobar.com validated then changes their address to be example@somewhere.com. that's the currently listed address, but they can't have the password sent to example@somewhere.com until it is validated. if they still have access to foobar@foobar.com, they can have the password sent there, and then they can validate their new address.

am i horribly confused or were you not referring to transitioning people?

leora December 15 2002, 20:39:35 UTC

Transitioning shouldn't make any difference:
You can always have the password sent to the currently listed address.

You can always validate your currently listed address if you have access to it.

However if you list A, don't validate, change to B, validated or not, you cannot get your password sent to A.

Re: emmavescence December 16 2002, 07:05:24 UTC

aha, i see. i can't tell if i've been getting it wrong for the last year, but will come back to this when i can think more clearly.

ruakh December 15 2002, 20:39:59 UTC

I just tested, and it works perfectly well for transitioning people.

volantwish December 16 2002, 17:03:23 UTC

If the user has lost access to both the password and all previously validated addresses and the current email address, then it's a lost cause.

what would you recommend saying to such people?

leora December 16 2002, 17:07:21 UTC

Generally something along the lines of:
For security reasons you can only retrieve your password from the currently listed email address and any previously validated email address. Should you be unable to gain access to any of those email accounts and cannot remember your password, you may wish to get a new account. New accounts can be created...