Question about accounts with invalid email addresses

Fiiasco

full member

Activity: 224

Merit: 100

Quote from: Bizmark13 on March 17, 2015, 01:05:08 AM

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

You should definitely change your email address now, just in case that we move the forum anytime soon.

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

Quote from: R2D221 on March 21, 2015, 11:15:07 PM

Quote from: GoodMerchant on March 21, 2015, 10:56:35 PM

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

Probably they will put a short message saying to change email and put a link to thread. Also, this might also be available. IMHO it is better not to give access to passwords.

Quote from: theymos on March 17, 2015, 04:21:43 PM

=snip= A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

R2D221

hero member

Activity: 658

Merit: 500

Quote from: GoodMerchant on March 21, 2015, 10:56:35 PM

Quote from: R2D221 on March 17, 2015, 03:03:04 PM

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

GoodMerchant

newbie

Activity: 52

Merit: 0

Quote from: R2D221 on March 17, 2015, 03:03:04 PM

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

Quote from: guitarplinker on March 21, 2015, 11:15:47 AM

Quote from: R2D221 on March 17, 2015, 03:03:04 PM

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

AFAIK they use same algorithm, SHA-256.

Quote from: theymos on February 25, 2015, 11:00:35 AM

The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.

guitarplinker

legendary

Activity: 1694

Merit: 1024

Quote from: R2D221 on March 17, 2015, 03:03:04 PM

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

Bizmark13

sr. member

Activity: 462

Merit: 250

WikiScams.org - Information about Bitcoin Scams

Quote from: theymos on March 17, 2015, 04:21:43 PM

To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

Ah, OK thanks for that answer. I did change my email address to a valid one as a precautionary measure.

The secondary method would probably be quite useful for a lot of members here, I would think. Since the forums don't currently enforce the use of a valid email address, I suspect many people might no longer be able to access their old email address or they might have signed up using an invalid one.

Looking forward to seeing the new forum up and running soon.

theymos

administrator

Activity: 5166

Merit: 12850

To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

R2D221

hero member

Activity: 658

Merit: 500

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

Quote from: kcud_dab on March 17, 2015, 05:50:31 AM

Quote from: Muhammed Zakir on March 17, 2015, 05:41:24 AM

So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Source?

Sorry! I will try to put source when posting something like this.

Quote from: taesup on February 25, 2015, 07:33:51 PM

As a confirmation, we're working really hard to make sure as much of the data is carried over. The only thing we can't carry over is passwords, so when you first log on to the new forum, you'll need to set a new password.

This will probably be done over email so make sure the email you have registered with THIS forum is your email and not ... say a burner email account like mailinator or something like that.

kcud_dab

legendary

Activity: 1652

Merit: 1000

Bitcoin enthusiast!

Quote from: Muhammed Zakir on March 17, 2015, 05:41:24 AM

So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Source?

Muhammed Zakir

hero member

Activity: 560

Merit: 506

I prefer Zakir over Muhammed when mentioning me!

Create a new email address and use it for this forum. It can be similar to your username if you are doing any sort of business here.

Quote from: Decksperiment on March 17, 2015, 01:10:12 AM

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

No. Slickage team can't access to passwords. So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Chijio

full member

Activity: 126

Merit: 100

Quote from: Bizmark13 on March 17, 2015, 01:05:08 AM

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

i guess it will be safe if you create new email address for your active accounts just in case the migration happens..

Decksperiment

sr. member

Activity: 630

Merit: 250

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

Bizmark13

sr. member

Activity: 462

Merit: 250

WikiScams.org - Information about Bitcoin Scams

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

Topic: Question about accounts with invalid email addresses (Read 1885 times)