Author

Topic: Question about accounts with invalid email addresses (Read 1905 times)

full member
Activity: 224
Merit: 100
I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

You should definitely change your email address now, just in case that we move the forum anytime soon.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

Probably they will put a short message saying to change email and put a link to thread. Also, this might also be available. IMHO it is better not to give access to passwords.

=snip= A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.
hero member
Activity: 658
Merit: 500
They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?
newbie
Activity: 52
Merit: 0
They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?
It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

AFAIK they use same algorithm, SHA-256.

The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.
legendary
Activity: 1694
Merit: 1024
They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?
It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.
sr. member
Activity: 462
Merit: 250
To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

Ah, OK thanks for that answer. I did change my email address to a valid one as a precautionary measure.

The secondary method would probably be quite useful for a lot of members here, I would think. Since the forums don't currently enforce the use of a valid email address, I suspect many people might no longer be able to access their old email address or they might have signed up using an invalid one.

Looking forward to seeing the new forum up and running soon. Smiley
administrator
Activity: 5222
Merit: 13032
To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.
hero member
Activity: 658
Merit: 500
They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.
Source?

Sorry! I will try to put source when posting something like this.

As a confirmation, we're working really hard to make sure as much of the data is carried over. The only thing we can't carry over is passwords, so when you first log on to the new forum, you'll need to set a new password.

This will probably be done over email so make sure the email you have registered with THIS forum is your email and not ... say a burner email account like mailinator or something like that.
legendary
Activity: 1652
Merit: 1002
Bitcoin enthusiast!
So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.
Source?
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Create a new email address and use it for this forum. It can be similar to your username if you are doing any sort of business here.

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

No. Slickage team can't access to passwords. So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.
full member
Activity: 126
Merit: 100
I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

i guess it will be safe if you create new email address for your active accounts just in case the migration happens..
sr. member
Activity: 630
Merit: 250
If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?
sr. member
Activity: 462
Merit: 250
I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?
Jump to: