8 Jul
2012
8 Jul
'12
11:58 a.m.
Hi Andy,
On Sat, July 7, 2012 2:05 pm, Andy Smith wrote:
Today a customer popped up on IRC saying that they had
broken their
VPS and couldn't remember their account details in order to use the
console / rescue VM.
Unfortunately they had also at some point in the past disabled
email password reset, so they were unable to regain access.
My e-mail is hosted on my VPS so if it's down then the e-mail password
reset function would be no good to me anyway.
Of course, that's not your fault so I make sure that I don't forget my
access credentials. If, for whatever reason, that doesn't work out I would
be happy for you ask questions about personal details you hold about me in
order to verify my identity.
I suppose the issue with this approach is that currently you might not
hold all that much info, and that that info might be easily discoverable
by a third party (e.g. address) so perhaps the control panel could allow
users to enter a question and answer that only they could know? I'm
thinking along the lines of 'What make was your first computer' type of
thing but this bit is key: let the user decide the question so they can
make it as secure (private/obscure) as they like as some of the stock
questions often asked are usually quite weak (e.g. mother's maiden name).
For what it's worth, I'm not keen on the methods suggested that could take
time to complete and carry other restrictions e.g. coded bank payments,
Skype calls, scanned utility bills etc and would prefer following the KISS
principle as much as possible.
Regards,
Mathew