Author Message

zoztruc

Rank 0
Joined
05 Sep 2008
Posts
24
Location
Paris France
Posted Jan 09, 2013 5:15 am
Back with my old account Very Happy !

Lastly... in fact it seems there was a problem with my temporary new account, that I declared with the same email address as that of the old one Rolling Eyes

Well... thanks a lot to you Lyyrian and pask81 for supporting me during this long long, so long ordeal Laughing

pask81

Rank 5
pask81
Joined
27 Sep 2008
Posts
5048
Location
Avellino Italy
Posted Jan 10, 2013 5:29 am
Gratz! I'm happy your account is back Very Happy

billdoor

Rank 5.1
billdoor
Joined
05 Aug 2008
Posts
6412
Location
Foldereid Norway
Posted Jan 10, 2013 5:32 am
zoztruc wrote:
Lastly... in fact it seems there was a problem with my temporary new account, that I declared with the same email address as that of the old one Rolling Eyes

Yeah, seems they do that with everyone who reclaims accounts that were locked like yours were. Happened to me on three accounts, and I would think that having the password reset link sent to the NEW email address that is supposed to be associated with the account would be the logical thing for Aeria to do just in case the old email had been compromised or no longer was accessible. But no.

Suspending accounts due to security measures and then sending password reset info to potentially compromised email addresses once the ownership of the account and a new email to associate it with has been confirmed ... somehow that doesn't add up as "safe" to me. That's like lecturing kids on safety in traffic and then jumping red lights while driving them home.

Way to go, Aeria.

But gratz on getting your account back, zoztruc.

SeasonsEnd/MadManMoon/Uigeadail - retired from Shaiya as of May 10th 2014.

pask81

Rank 5
pask81
Joined
27 Sep 2008
Posts
5048
Location
Avellino Italy
Posted Jan 10, 2013 5:46 am
billdoor wrote:
zoztruc wrote:
Lastly... in fact it seems there was a problem with my temporary new account, that I declared with the same email address as that of the old one Rolling Eyes

Yeah, seems they do that with everyone who reclaims accounts that were locked like yours were. Happened to me on three accounts, and I would think that having the password reset link sent to the NEW email account that is supposed to be associated with the account would be the logical thing for Aeria to do just in case the old email had been compromised or no longer was accessible. But no.

Suspending accounts due to security measures and then sending password reset info to potentially compromised email addresses once the ownership of the account and a new email to associate it with has been confirmed ... somehow that doesn't add up as "safe" to me.

Way to go, Aeria.

But gratz on getting your account back, zoztruc.  


Billdoor, I have an enormous consideration of you and everything you say... but here you are saying something just wrong.

The reset password link can only be bound to the old email address and not to a new email address for which Aeria doesn't have any info. If it is not this way, everyone can change the password of everyone else Confused

It is true that the email address could have been changed by a hacker or even been compromised, but it is still safer this way.

If you want to get the password reset sent to another email address you need to use a ticket so you can first prove you are who you are saying you are (and the account belongs to you) and then a GM can send the password reset to the new email address you choose.

billdoor

Rank 5.1
billdoor
Joined
05 Aug 2008
Posts
6412
Location
Foldereid Norway
Posted Jan 10, 2013 5:50 am
pask81 wrote:
billdoor wrote:
zoztruc wrote:
Lastly... in fact it seems there was a problem with my temporary new account, that I declared with the same email address as that of the old one Rolling Eyes

Yeah, seems they do that with everyone who reclaims accounts that were locked like yours were. Happened to me on three accounts, and I would think that having the password reset link sent to the NEW email account that is supposed to be associated with the account would be the logical thing for Aeria to do just in case the old email had been compromised or no longer was accessible. But no.

Suspending accounts due to security measures and then sending password reset info to potentially compromised email addresses once the ownership of the account and a new email to associate it with has been confirmed ... somehow that doesn't add up as "safe" to me.

Way to go, Aeria.

But gratz on getting your account back, zoztruc.  


Billdoor, I have an enormous consideration of you and everything you say... but here you are saying something just wrong.

The reset password link can only be bound to the old email address and not to a new email address for which Aeria doesn't have any info. If it is not this way, everyone can change the password of everyone else Confused

It is true that the email address could have been changed by a hacker or even been compromised, but it is still safer this way.

If you want to get the password reset sent to another email address you need to use a ticket so you can first prove you are who you are saying you are (and the account belongs to you) and then a GM can send the password reset to the new email address you choose.

pask, I share the mutual respect, but I ask you to kindly look to the Recover a lost account form, where you are specifically asked to provide a new email address for the account. Why would you be asked about a new email address to associate with the account and then have the password reset info sent to the old one? This info is only sent when ownership of the account has been sufficiently confirmed to Aeria.

Edit 1: Not to mention that if the account was ALREADY compromised by the time of it being locked, the person wrongfully accessing the account would surely alter the email address as his/her first action when first accessing it in order to get the password reset info sent when the original owner sent his recovery ticket.

As a case in point, a guildie of mine had his account hacked about a year and a half ago. The person who had gained unlawful access to the account had associated a new email address with the account before it was locked. My guildie sent the required information to have the account restored to him, and the GMs managed THREE times in a row to send the password recovery info to the hacker, because they somehow failed to register the new email address to be associated with the account. When they finally got it right, the account had been stripped to the bone. To the credit of the GMs, they managed after three weeks to restore just about everything that was lost on his account.

Edit 2: In the cases of my three accounts, all replies from Aeria regarding the confirmation of my account ownership were sent to the new email addresses provided, and when the matter was settled, the password reset info was still sent to the old email addresses which supposedly were no longer to be associated with the accounts.

Edit 3: I remember when I was a nub GS and got one of my first cases of hacked accounts and brought it to GM attention. The GM told me: "tell him to provide us with another email address for his account." Me, not being quite up to speed, replied: "Sure, but why would he need a new email for the account?" GM: "Think it through, SE..." Me, penny finally dropping: "Aaah, I see..."

SeasonsEnd/MadManMoon/Uigeadail - retired from Shaiya as of May 10th 2014.

pask81

Rank 5
pask81
Joined
27 Sep 2008
Posts
5048
Location
Avellino Italy
Posted Jan 10, 2013 11:09 am
I was thinking about the "forgot password" link https://www.aeriagames.com/user/pass_request and I agree the password reset (after verification of info) should be sent to the "new email address"
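
The two recovery paths discussed in this thread, as an added sketch that is not part of any post and is not Aeria's code: the self-service "forgot password" form mails only the address on file, while a ticket-verified recovery rebinds the account to the owner's new address before any reset link is issued. All names (`Account`, `self_service_reset`, `verified_recovery`) and the sample addresses are hypothetical.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    email: str                 # address currently on file (may have been changed by an intruder)
    locked: bool = False
    reset_tokens: dict = field(default_factory=dict)  # token -> address it was mailed to

def issue_token(acct, address):
    token = secrets.token_urlsafe(32)
    acct.reset_tokens[token] = address
    return token

def self_service_reset(acct, claimed_email):
    """'Forgot password' form: the requester has proved nothing, so the link
    may only go to the address on file, never to one typed into the form."""
    if acct.locked or claimed_email.lower() != acct.email.lower():
        return None
    return acct.email, issue_token(acct, acct.email)

def verified_recovery(acct, ownership_verified, new_email):
    """Ticket-based recovery: staff confirmed ownership and the owner supplied a new address."""
    if not ownership_verified:
        return None
    acct.reset_tokens.clear()  # kill links already mailed to the old address
    acct.email = new_email     # rebind before mailing, so the old address gets nothing
    acct.locked = False
    return acct.email, issue_token(acct, acct.email)

def demo():
    # Constructed scenario: an intruder rebound the account before it was locked.
    acct = Account("owner", "intruder@example.invalid", locked=True)
    stale = issue_token(acct, acct.email)
    sent_to, _ = verified_recovery(acct, True, "owner-new@example.invalid")
    return sent_to, stale in acct.reset_tokens

if __name__ == "__main__":
    print(demo())
```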
