[aur-general] Registering, misspelling email, losing account

David Kaylor dpkaylor at gmail.com
Sun Jul 26 21:42:55 UTC 2015 

And I just top posted, like a fool.

On Sun, Jul 26, 2015 at 5:41 PM, David Kaylor <dpkaylor at gmail.com> wrote:

> Wow, with a name ending in Morozov, you sure doth protest to much.
>
> On Sun, Jul 26, 2015 at 4:29 PM, Daniel Micay <danielmicay at gmail.com>
> wrote:
>
>> On 26/07/15 04:01 PM, Igor Morozov wrote:
>> >
>> > That's right, I messed up. Instead of typing fastmail.com, I typed
>> > fastmai.com. And now there is no way I can access my account. The only
>>
>> > option is to send an email to this mailing list describing my problem
>> > and hope that somebody will help me out. Basically, that's what I'm
>> > doing right now.
>>
>> Okay, so it can ask the user to provide the same email in two fields.
>>
>> It could treat an unconfirmed account as a temporary placeholder and
>> replace it if registration is done again for the same username.
>>
>> It shouldn't be possible to log in without confirming the email unless
>> all of the actions (voting, submitting packages, commenting, etc.)
>> beyond editing account information are gated on whether the account is
>> registered.
>>
>> > People tend to make mistakes. I'm not the only one who messed up during
>> > registration. And there is no easy way to get our account back. Mailing
>> > list is not the best option for account recovery. What if the misspelled
>> > email exists and the owner decides to proceed and register? What if the
>> > owner decides to do nasty things using my username, full name and email
>> > that looks alike? That would affect my reputation in the community since
>> > it's difficult to prove that I was not the bad guy.
>> > The usual "account activation" prevents this stuff. A lot of web sites
>> > do not automatically log user in after account confirmation, so it kind
>> > of prevents malicious activity (the bad guy doesn't know the password,
>> > you see).
>>
>> Someone could have just created a fake account before you did, so it's
>> really not an issue related to the confirmation design.
>>
>> > And by the way, the fact that you can use an unused (not registered)
>> > email in account recovery and not get any errors is frustrating. Took me
>> > 8 hours to realize that it says "okay", even though the email is not in
>> > use. Please, do something about it!
>>
>> Emails aren't received instantly, so there's no error to report during
>> registration.
>>
>>
>

More information about the aur-general mailing list