First, writing passwords down is considered poor security. Do you have any online banking or credit card passwords written down? It's better to use a password filler or eWallet that encrypts everything. That way remembering one password allows you to access them all.Big-Jim wrote: Look, if I join a forum I write down my username, password and whatever other information I had to give, in 3 different places. First off, I write the information on a note and tape it to the bottom shelf on my computer desk so it hangs down and I can read it at a glance. Second, I write it down in a little notebook that sits on one of the shelves of the computer desk. Third, I type it into a Word document whose file name is "Web-Site-Passwords" and that way if necessary I can always print out all the information from the different websites I go to. It only takes about 2 minutes to do this. I also make back-ups of my hard drive just in case of a catastrophe.
Theirs, of course. Does that mean that people shouldn't be helpful? By your logic, OnStar shouldn't provide remote unlocking for people who locked their keys in the car.Big-Jim wrote: Now think about it for a minute. If I didn't do the things I mentioned above and I forget my username or password and am not able to access a forum, whose fault is it?
Wow, just wow. Just because somebody doesn't work the same way that you do doesn't make them stupid in other areas. In fact, I could argue that writing passwords down is stupid, too.Big-Jim wrote: To sum this up, in plain English, if someone isn't intelligent enough to write down his/her username and password, then I would not want that person on my forum anyway. I would prefer my forum to have reasonably intelligent members who are capable of discussing whatever issues that are being discussed at the time rather than have members who lack the intelligence to write down their username and password when they join a forum.
Not necessarily. I've noticed that in other reports, but was told that just means that's the earliest release that it may be worked on. If it doesn't get fixed in that release, they'll just bump it to the next release.Albert Wiersch wrote:[...]besides, it seems this has already been implemented in an upcoming update, if I am understanding it right (3.0.11-RC1 and 3.1-A1 ):
http://tracker.phpbb.com/browse/PHPBB3-10432
When you are at home using your home computer and you have security issues, then you have a lot more serious problems than not being able to access a forum. By the way, I don't do online banking so there is nothing to write down for that.Pony99CA wrote:First, writing passwords down is considered poor security. Do you have any online banking or credit card passwords written down? It's better to use a password filler or eWallet that encrypts everything. That way remembering one password allows you to access them all.
If I am not at my home computer and want to access a forum, I should already know my username and password. But if for some reason I don't know it, then I will wait until I get home and look it up. Accessing a forum is not something that is a life or death issue. My notebook stays at home right where it belongs.Pony99CA wrote:Second, what happens if you're not at your computer and want to browse the forum? Do you take that notebook with you everywhere?
How you can compare OnStar with this situation is beyond me. OnStar is a paid service, a service for which people pay quite a bit of money for every year. OnStar will unlock your car for you because that is one of the services you are paying them for. So how do you figure a paid service like OnStar is the same thing as this?Pony99CA wrote:Theirs, of course. Does that mean that people shouldn't be helpful? By your logic, OnStar shouldn't provide remote unlocking for people who locked their keys in the car.
What possible difference could it make whether the change takes 2 minutes or 2 days? This would affect only a tiny fraction of the people who visit his forum, people who really should know better in the first place.Pony99CA wrote:You talk about using developer resources to do this, but requiring only one of the two items is probably only a few lines of code.
You can argue that writing down passwords is stupid if you want to, but the thing is, if you have problems remembering things, then you need to write them down. I am not saying you should write your password or username on a sticky note and attach it to the bottom of your mouse pad at work. That would be silly, anyone in the office would be able to lift the mouse pad and get your username and password. But if you write it down and stick it in your wallet, then nobody is going to find out your password unless you lose your wallet, and if you lose your wallet, you will have more serious problems than a lost password.Pony99CA wrote:Wow, just wow. Just because somebody doesn't work the same way that you do doesn't make them stupid in other areas. In fact, I could argue that writing passwords down is stupid, too.
That's interesting... thanks for the info. At least they must think it's a good idea, I hope.Pony99CA wrote:Not necessarily. I've noticed that in other reports, but was told that just means that's the earliest release that it may be worked on. If it doesn't get fixed in that release, they'll just bump it to the next release.
If you look at the Resolution field, it still says "Unresolved", not "Fixed".
Big-Jim wrote:Not everyone forgets their username either. If nothing else, tell your membership to write down their username, password and email address, and keep it in a notebook near their computer.Albert Wiersch wrote:Sure, there are some like that, but not everyone on a forum will always find it worth the hassle to stay on it should something like this occur. That's not a fault of the forum. Everyone is different and not everyone is going to give a forum the same value.
While I certainly don't have any statistics on something like this, I would have to think the percentage of people leaving a forum because they can't remember their username would have to be extremely small. If a member finds this situation to be too big a hassle to deal with, then I have to think that member doesn't care all that much about staying on the forum anyway.
So you're implying that the "Forgot your password" feature should be removed?Big-Jim wrote:If I am not at my home computer and want to access a forum, I should already know my username and password. But if for some reason I don't know it, then I will wait until I get home and look it up. Accessing a forum is not something that is a life or death issue. My notebook stays at home right where it belongs.
It is not possible to only use email addresses. The relation between user accounts and email addresses is surjective but not injective.OP wrote:Why require username for forgotten password?
But it could work when the email address corresponds to only one user account, which would be the vast majority of the time.A_Jelly_Doughnut wrote:It is not possible to only use email addresses. The relation between user accounts and email addresses is surjective but not injective.
And now in English: It is possible for one email address to correspond to more than one user account in some configurations of phpBB.
Absolutely not, I never said that, nor did I imply it./a3 wrote:So you're implying that the "Forgot your password" feature should be removed?
Ahh, I only just remembered that. How about an option to enter in either the username OR the email address, and if the email is entered and there is more than one then return an error stating there was more than one match?A_Jelly_Doughnut wrote:It is not possible to only use email addresses. The relation between user accounts and email addresses is surjective but not injective.OP wrote:Why require username for forgotten password?
And now in English: It is possible for one email address to correspond to more than one user account in some configurations of phpBB.
Yes, but phpBB isn't supposed to be changing people's habits.Big-Jim wrote:To my way of thinking, the real issue is why do members forget their password or username? All they need do is write it down someplace.
And there's also the Allow e-mail address re-use user registration setting. It wouldn't surprise me if many boards had that set to No.Albert Wiersch wrote:But it could work when the email address corresponds to only one user account, which would be the vast majority of the time.A_Jelly_Doughnut wrote:It is not possible to only use email addresses. The relation between user accounts and email addresses is surjective but not injective.
And now in English: It is possible for one email address to correspond to more than one user account in some configurations of phpBB.
That's basically what I suggested earlier -- without the error message because I too forgot about multiple E-mail addresses./a3 wrote:How about an option to enter in either the username OR the email address, and if the email is entered and there is more than one then return an error stating there was more than one match?
You compared helping people remember their passwords with giving students answers to tests they failed. I figured one ridiculous analogy deserved another.Big-Jim wrote:How you can compare OnStar with this situation is beyond me. OnStar is a paid service, a service for which people pay quite a bit of money for every year. OnStar will unlock your car for you because that is one of the services you are paying them for. So how do you figure a paid service like OnStar is the same thing as this?Pony99CA wrote:Theirs, of course. Does that mean that people shouldn't be helpful? By your logic, OnStar shouldn't provide remote unlocking for people who locked their keys in the car.
Besides the obvious (how long it takes), I don't know -- you're the one who raised the issue of developer time. Maybe it's low-hanging fruit that a developer could knock off when they had a little free time, but not enough to address a bigger feature.Big-Jim wrote:What possible difference could it make whether the change takes 2 minutes or 2 days?Pony99CA wrote:You talk about using developer resources to do this, but requiring only one of the two items is probably only a few lines of code.
She better hope that she doesn't hook up with somebody at the office. If they had a bad break-up, he'd have easy access to her work account for mischief.Big-Jim wrote: When we first got our new computer system at work, one of young women in the office wrote her password down on her left breast. I happened to see her open her blouse a little and lift her bra away from her breast and I asked her what she was doing. That's when she told me she had written her password there. It may sound funny, but it was a pretty good place to hide her password until she had used it for awhile and could remember it.
Yes, so you agree that it's a useful feature, apparently. So what's the big deal with making it a bit easier? Does it hurt you in any way?Big-Jim wrote:Absolutely not, I never said that, nor did I imply it./a3 wrote:So you're implying that the "Forgot your password" feature should be removed?
Included in the phpBB software is a method to be used should you somehow forget your password. It is quite simple, you click on "I Forgot My Password" and type in your username and email address.
You sure do presume a lot. You presume that people who don't anal-retentively write their passwords down in triplicate are unintelligent and unworthy of your glorious board. You presume that people don't browse the Web (and forums) during their lunch hours and that no companies allow that as acceptable use. You presume that they don't visit forums on vacations, business trips, from their mobile devices, etc. You presume that a wife finding a forum user name and password isn't a big deal even if the husband is visiting a less-than-savory site. You really need to stop with the unfounded presumptions.Big-Jim wrote:To my way of thinking, the real issue is why do members forget their password or username? All they need do is write it down someplace. Presumably visiting a forum is done at home on your own time, not at work when you are supposed to be doing your job. Who is going to "steal" your username and password at your house? But even if someone does find out your username and password, so what? It isn't like they just got the key to your life savings. So your wife discovers your username and password for a forum. Big deal. I am sure that is a really big security breach, we better get the FBI involved in this one.
Not to mention Big-Jim also presuming that visiting a forum is done on one's own time and not at work. A lot of businesses & gov't organizations use our software, so visiting the support forum is often work-related.Pony99CA wrote:You sure do presume a lot. You presume that people who don't anal-retentively write their passwords down in triplicate are unintelligent and unworthy of your glorious board. You presume that people don't browse the Web (and forums) during their lunch hours and that no companies allow that as acceptable use. You presume that they don't visit forums on vacations, business trips, from their mobile devices, etc. You presume that a wife finding a forum user name and password isn't a big deal even if the husband is visiting a less-than-savory site. You really need to stop with the unfounded presumptions.
Steve
The developers of the phpBB forum software have already included an easy and secure way to do it.Albert Wiersch wrote:Anyway, regarding this issue, it doesn't matter WHY people lose their passwords; what matters is that they DO lose their passwords... and when they do, there should be an easy and secure way to recover or reset them.