Re: [bitfolk] Suggestions for email hosting company

Author: S P
Date:  
Subject: Re: [bitfolk] Suggestions for email hosting company
VPS so if it's down then the e-mail password
> reset function would be no good to me anyway.


Same for me. But I could use a random other email account and sign using
a pre-arranged crypto key.


On Sun, 8 Jul 2012, Nigel Rantor wrote:
> Given that I think it is reasonable to expect people who turn it off to
> perform some extra work to ensure they can be authenticated if the worst
> happens and they lose private keys, forget pass-phrases etc.


Ultimately, it is possible to lose access to most credentials (e.g., lost
VPS, normal email out of action, lost private keys / passphrases).
Re-identification is hard, and I guess the question is really one of how
much is required, or if the user is willing for it to happen at all.

> I do like the idea of asking the customer to send you a set amount using the
> account they last used to pay for the service itself.


But only if they haven't moved accounts (okay, it's been some years since
I moved banks, but I know some who change every year or two).


On Sun, 8 Jul 2012, Gavin Westwood wrote:
> I like this idea and second the not using stock questions. The number
> of websites where I have had to put my mother's maiden name and name of
> [...]


I can never remember what I wrote for most of these question-answer
combinations… I find them relatively useless as a recovery mechanism.


On Sun, 8 Jul 2012, Andy Parkins wrote:
> In short: paranoia. Disabling password reset implies a level of security
> that should be maintained. It's saying "I take full responsibility for the
> password to this VPS, and if I lose it, I accept that I may never get access
> again".


Perhaps the control panel could offer a range of options covering
different tastes/tolerances from indifferent to very paranoid. But
that makes it all very complicated.


So my end suggestion is:
  - Hold a list of OpenPGP keys that are authorised for
    resets/recovery, via the panel.
  - As well as the "Allow password reset" switch, add two more, one for
    reset via OpenPGP keys, and a final one so that the user can state
    that they never want any other mechanism using (i.e., if they lose
    their password, etc they "accept that I may never get access
    again").  Probably need to make that last one jump through some
    confirmation hoops....


For those who are prepared to accept other reidentification, a
combination of government ID combined with fresh photos plus some form
of bank transaction would be reasonable. Stick it on the policy page
and link it against that last switch.


(Aside: Has Bitfolk had any instances of customers being
incapacitated (or dying) and relatives needing to recover access to
the VPS? E.g., if it's used for domestic email?)


Cheers,

Phil.

-- 
Phil Brooke                                    OpenPGP key: 0x2F0EC78A
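
The three-switch proposal in the message above, sketched as a decision function. This is an added example, not part of the original post and not BitFolk's code. It assumes the signature itself is checked by GnuPG and only interprets the `--status-fd` lines; `RecoverySettings`, `validsig_fingerprints`, `decide_reset` and the sample values are hypothetical names.

```python
# Added illustration; every name below is hypothetical, not BitFolk's panel code.
from dataclasses import dataclass, field

@dataclass
class RecoverySettings:
    allow_email_reset: bool = True      # existing "Allow password reset" switch
    allow_openpgp_reset: bool = False   # proposed: reset via authorised OpenPGP keys
    refuse_all_other: bool = False      # proposed: no other mechanism, ever
    # Full fingerprints (upper-case hex) of keys registered via the panel.
    authorised_fprs: set = field(default_factory=set)

FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def validsig_fingerprints(status_output):
    """Parse `gpg --status-fd` output; return (signing_fpr, primary_fpr) or None."""
    found = None
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in FAILED:          # any failed signature rejects the request
            return None
        if parts[1] == "VALIDSIG" and len(parts) >= 3:
            primary = parts[11] if len(parts) >= 12 else parts[2]
            found = (parts[2].upper(), primary.upper())
    return found

def decide_reset(settings, method, status_output="", signed_text="", challenge=""):
    """method is 'email', 'openpgp' or 'manual' (ID documents, bank transfer)."""
    if method == "email":
        return settings.allow_email_reset
    if method == "manual":
        return not settings.refuse_all_other
    if method == "openpgp" and settings.allow_openpgp_reset:
        fprs = validsig_fingerprints(status_output)
        # The signed text must carry the one-time challenge issued for this
        # request, so an old signed message cannot be replayed.
        fresh = bool(challenge) and challenge in signed_text.split()
        return fprs is not None and fresh and bool(set(fprs) & settings.authorised_fprs)
    return False

# Constructed sample: status lines as GnuPG emits them for one good signature.
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Customer <customer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SAMPLE_FPR} 2012-07-09 1341835200 0 4 0 1 2 01 {SAMPLE_FPR}\n"
)
```

Matching on the full fingerprint rather than an 8-digit key ID matters here, because short key IDs are not unique.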



Date: Mon, 9 Jul 2012 15:10:47 +0000
From: Andy Smith <andy@???>
Subject: Re: [bitfolk] Proving that you are you

Hi Phil,

On Mon, Jul 09, 2012 at 02:06:18PM +0100, Phil Brooke wrote:
> On Sat, 7 Jul 2012, Andy Smith wrote:
> >Today a customer popped up on IRC saying that they had broken their
> >VPS and couldn't remember their account details in order to use the
> >console / rescue VM.
> >[…]
>
> As some others have replied, I'd be unhappy with the use of utility
> bills.


Yeah as I already said I've taken that on board and won't be doing
it again. Which means that everyone who has currently disabled email
password resets needs to be really sure about that.

> Perhaps the control panel could offer a range of options covering
> different tastes/tolerances from indifferent to very paranoid. But
> that makes it all very complicated.


What I am going to do is talk to just the customers who have
disabled email password resets and come up with some process that
suits the majority of them.

I don't mind discussing things amongst the wider customer base but I
feel like we are getting mired down in suggested processes which
will only ever apply to hypothetical other people. On this, I'd
rather consult with the people it is more likely to affect.

The chances of just one method being suitable for everyone are
small, so I imagine there's going to have to be several levels and
an incredibly tedious fallback strategy for a customer who claims to
have lost ability to satisfy any of the other checks.

> (Aside: Has Bitfolk had any instances of customers being
> incapacitated (or dying) and relatives needing to recover access to
> the VPS? E.g., if it's used for domestic email?)


Yes. A customer died, so I took legal advice and came up with a
policy.

In the UK, if there is a will then the matter has to be dealt with
by an executor of the deceased's estate, and I need to see an
original copy of the death certificate.

If there is no will then a photocopy of the death certificate is
acceptable.

From the death certificate I am able to confirm (by phoning the
registrar) that the individual actually has died, there is or isn't
a will, and next of kin is as claimed.

Assuming no will, I can then hand over the deceased's property to
the next of kin. If there is a will I am not 100% sure what happens
but I imagine it requires the executor to tell me if the contents of
the VPS are mentioned or not, and then do what they say.

This is roughly the same process that UK banks follow when an
account holder dies. I didn't really feel like it was worth
documenting that on the web site as it seemed a bit morbid, but
policy exists.

I don't know what the process would be if an overseas customer died
because I don't know the relevant laws, what their death
certificates look like, who I contact, etc. I'm happy enough to wait
until that happens and find out then.

Note that if the deceased's VPS continues to run or if I can boot it
and make it run, then there is no reason why it can't keep running
as long as someone pays for it. I don't really need to care who is
paying for it as long as they do. It's mainly giving access to the
data inside the VPS that is the issue.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting



Date: Mon, 9 Jul 2012 16:50:55 +0100 (BST)
From: Phil Brooke <phil-bitfolk-users@???>
To: users@???
In-Repl