Announcement

Collapse
No announcement yet.

[pw change] Who do you think you are, really!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ShadyNight
    replied
    Naw, did think you were pointing to me specifically. Just putting in my 2 cents, for what that's worth these days. ~_^

    *shrugs* either way, just glad our situation is sorted, and hope that if this does happen in the future we can be forewarned, updated or not.

    Leave a comment:


  • Digital Jedi
    replied
    Originally posted by ShadyNight View Post
    [/LIST]I for one did not say this was vBulletin's fault. HOWEVER, a warning before changing a password, or hell, even a yearly "update information", would have been extremely helpful to prevent this.[/LIST]I have proper access to the members area. I do NOT however, have access to her e-mail account to which all vB correspondence goes to. NOR should I have access to HER e-mail!
    Doesn't mean I think that is vBulletin's fault. I do think the "allowed" support should also receive such e-mails though. (IF In the right "list" in members area)


    Again, much the same as above.

    Really though, I do believe in some of these cases it is a 50/50 split responsibility. If they really are changing password just to be "updated" more secure in the future ... WHAT is the harm in an e-mail AND announcement stating "In x days/weeks/whatever we are going to be making some changes to the security features. You have until then to make sure you have all contact information up to date"?

    Doesn't seem hard.

    IF this was because of a breach in security/passwords/whatever? Then FINE, at least be a bit more understanding. Maybe even keep some sort of "Is allowed access" list that is searchable and updated constantly. *shrugs*
    Nor was I addressing you specifically, nor was I suggesting that you did blame vBulletin. I was addressing the overall tenor of the thread. No one specifically, other then the part where I quoted the original poster.

    Ultimately, little, if any, responsibility fell to you if I'm remembering your posts correctly, since you were not the owner of the license. This information was squarely and fairly the responsibility of the owner to make certain it was up-to-date. Otherwise, all kinds of information can be missed, like software updates patching security vulnerabilities, notification of suspicious activity or getting your password changed.

    I would agree that it were a 50/50 spilt responsibility, if this were a relationship. But it's not that kind of deal. This is a company who's services we're paying for and agreeing to abide by their TOS, which can change without prior notification. These things happen, and even if it was inconvenient, it isn't necessarily inappropriate or unjust. The thing about being notified in advanced, is that you may give notification to the very people you didn't want knowing about the password change to being with. Kind of like letting the guy who stole your credit card what your new pin number is.

    Leave a comment:


  • ShadyNight
    replied
    Originally posted by Digital Jedi View Post
    The impression I'm getting is very interesting. It seems that the root of all the complaints are really stemming from one primary cause. The lack of the owner to properly maintain his/her end of the bargain. See, this is what I'm hearing:
    • The owner of said license fails to update his/her email because he/she forgets or it's too much of a hassle. This is vBulletin's fault.
    I for one did not say this was vBulletin's fault. HOWEVER, a warning before changing a password, or hell, even a yearly "update information", would have been extremely helpful to prevent this.
    Originally posted by Digital Jedi View Post
    • The owner of said license fails to provide his/her site admins the necessary tools to properly maintain access to the Members area, either deliberately or because he/she simply didn't think about it. This is also vBulletin's fault.
    I have proper access to the members area. I do NOT however, have access to her e-mail account to which all vB correspondence goes to. NOR should I have access to HER e-mail!
    Doesn't mean I think that is vBulletin's fault. I do think the "allowed" support should also receive such e-mails though. (IF In the right "list" in members area)
    Originally posted by Digital Jedi View Post
    • The owner of said license is difficult or near impossible to contact, due either to neglect, or because he/she didn't think it would be necessary to be available for emergencies. Perhaps thinking that these kind of emergencies don't exist. Again, this is vBulletin's fault.
    Again, much the same as above.
    Originally posted by Digital Jedi View Post
    **SNIP**
    Really though, I do believe in some of these cases it is a 50/50 split responsibility. If they really are changing password just to be "updated" more secure in the future ... WHAT is the harm in an e-mail AND announcement stating "In x days/weeks/whatever we are going to be making some changes to the security features. You have until then to make sure you have all contact information up to date"?

    Doesn't seem hard.

    IF this was because of a breach in security/passwords/whatever? Then FINE, at least be a bit more understanding. Maybe even keep some sort of "Is allowed access" list that is searchable and updated constantly. *shrugs*

    Leave a comment:


  • ShadyNight
    replied
    Originally posted by Floris View Post
    *snip*
    If you can't get your details confirmed due to expired emails feel free to ask the tickets to be forwarded to me and I will have a quick and easy way to have the owner of the account to confirm they're the owner. Feel free to ask for me. Apologies for the hoop-jumping, but please also realize we get a lot of fraudulent requests.

    *snip*
    Thank you for the offer. Thankfully it is all done and dealt with now.

    (Though, bonehead me, trying to add my proper e-mail in the "support allowed" spot, damned near caused another headache in support!! )

    But, all sorted now!

    Leave a comment:


  • Webmist
    replied
    Account verification is there for almost all software for security. If you suddenly don't have access due to an invalid email or contact info you can only really blame yourself.

    A good tip is to have a 'general' email seperate from you isp provider. There are a ton of them out there. Keep a list of software and what contact information is given.

    I personally think is was great to generate new passwords and do like the new format.

    A suggestion would be to make it an annual thing or every 6 months. Also to send out maybe a notice in the forums admin area to the effect "An important announcement will be sent to your email in the next 24 hours." Due to the fact if I hadn't been curious and clicked on it I would have thought the email was one of several. "Your account has been suspended. Please login and verify your info" emails.

    Leave a comment:


  • Digital Jedi
    replied
    The impression I'm getting is very interesting. It seems that the root of all the complaints are really stemming from one primary cause. The lack of the owner to properly maintain his/her end of the bargain. See, this is what I'm hearing:
    • The owner of said license fails to update his/her email because he/she forgets or it's too much of a hassle. This is vBulletin's fault.
    • The owner of said license fails to provide his/her site admins the necessary tools to properly maintain access to the Members area, either deliberately or because he/she simply didn't think about it. This is also vBulletin's fault.
    • The owner of said license is difficult or near impossible to contact, due either to neglect, or because he/she didn't think it would be necessary to be available for emergencies. Perhaps thinking that these kind of emergencies don't exist. Again, this is vBulletin's fault.
    Personal accountability seems to be lacking in each of those statements. The only place I can think of where vBulletin MAY have faltered, was not notifying everyone prior to the the change. BUT, I can't help but ask the question, wouldn't that have defeated the purpose of changing the passwords to being with? And honestly, if your account information had been up to date, that point is completely moot. Again, where's the personal accountability?

    Originally posted by hosting-talk View Post
    Firstly, none of your 'security questions' are even REMOTELY appropriate, and they are not necessary!...

    ...Good god, where do people GET this garbage. Not everyone has the same hobbies, sports, girlfriends, memories, hometown,first blah, etc, and it's NOT necessary to deal with this whatsoever...
    Not to pick or anything, but isn't that kind of the point? Wouldn't be much of a security question if everyone's answer was going to be the same. Plus answers that don't apply can simply be fabricated. Then jotted down. (And then the whole personal accountability thing comes into play again. Don't loose the pad.)

    Then, you enforce some ridiculously unnecessary 'security question' that is just uncalled for, and INAPPROPRIATE!
    Okay, let's ask this. What kind of security question is appropriate? Because it seems to me that if it isn't personal, it won't be unique, won't be memorable, and thereby won't serve any purpose. And exactly how is it inappropriate anyhow? You're not sharing these answers with world, but with an encrypted database. And with information that isn't anymore important then the info in your User Profile.

    Leave a comment:


  • DJDarknez
    replied
    Originally posted by EdQ View Post
    The problem I have was no notice.

    You would be upset if you were on a trip and suddenly couldn't use your credit card. Because your bank decided to send you a new card without notice.

    Advance notice would have helped.
    read() error: Invalid argument

    Your old card still works until you call the 800 number on the back of the new card to activate it.

    Leave a comment:


  • Floris
    replied
    Originally posted by Lumina View Post
    My god!
    I thought this was a complete joke, a spam mail to steal your vb password or something!

    But today, trying to download the new vb, my old password wasn't working. And so I remembered about this deleted mail... hopefully I was able to recover it from the trash bin.

    Now I totally agree that it is an unappropriate measure. Before, my password was made with digits only. Now it is made with special chars that I almost can't find on my keyboard!

    And the personal questions are awful! Like I can remember this kind of things? What if it's a company to buy a licence: what kind of answer a company should give to those questions?
    We now also offer the customer a way to request a password change, and we then generate a new pass without much trouble. It's now faster and easier for both staff and customer. Feel free to email [email protected] and request a new pass - feel free to ask for me and I will help you out quickly.


    Originally posted by ShadyNight View Post
    The "owner" (like me) had an old e-mail listed.

    So, support is difficult at best right now. She's being asked to jump through all sorts of hoops and getting no where.

    5 e-mails (or so) and counting.
    If you can't get your details confirmed due to expired emails feel free to ask the tickets to be forwarded to me and I will have a quick and easy way to have the owner of the account to confirm they're the owner. Feel free to ask for me. Apologies for the hoop-jumping, but please also realize we get a lot of fraudulent requests.

    I'd also like to respond with a thank you to everybody who have expressed their opinion with good arguments. They are heard and reviewed, customer feedback helps the company improve their products and customer service.

    Leave a comment:


  • ManagerJosh
    replied
    Originally posted by EdQ View Post
    You would be upset if you were on a trip and suddenly couldn't use your credit card.
    Advance notice would have helped.
    Credit card companies all the time freeze accounts because of suspicious activities. They don't usually wait to contact you. They freeze first, and make sure you contact them to find out what's wrong. This is why when you travel abroad you're recommended to let them know in advance your travel plans so that your account suddenly doesn't work when your on the road with no phone closeby..

    Leave a comment:


  • DoE
    replied
    Agreed.

    EdQ: From what I read in this thread, advance notice would have made no difference to the outcome for those who complained.

    Leave a comment:


  • Creepshow
    replied
    Originally posted by DJDarknez View Post
    You've got to be freakin' kidding me.

    A few years ago, my bank sent me a new credit card. Didn't ask for one. They just did it. New card number, new expiration date, new security code. I had to change my info with a whole ton of places...hosting companies, cell phone provider, everybody.

    Did I pitch a hissy fit? No, of course not. They do that for security reasons. So if for some reason, somebody got my card number, it would no longer be valid.

    So now vB does the same thing, for the same reasons, and a few people are getting mad because the site is MORE secure? You few people are nuts.

    For those who gave reasons: It is NOT vB's fault that YOU do not own the licenses and can no longer get in. The peson who DOES own the license should have given you access to that e-mail account for those odd situations (just like this) that CAN and DO come up.
    Well said.

    Leave a comment:


  • EdQ
    replied
    Originally posted by DJDarknez View Post
    You've got to be freakin' kidding me.

    A few years ago, my bank sent me a new credit card. Didn't ask for one. They just did it. New card number, new expiration date, new security code. I had to change my info with a whole ton of places...hosting companies, cell phone provider, everybody.

    Did I pitch a hissy fit? No, of course not. They do that for security reasons. So if for some reason, somebody got my card number, it would no longer be valid.

    So now vB does the same thing, for the same reasons, and a few people are getting mad because the site is MORE secure? You few people are nuts.

    For those who gave reasons: It is NOT vB's fault that YOU do not own the licenses and can no longer get in. The peson who DOES own the license should have given you access to that e-mail account for those odd situations (just like this) that CAN and DO come up.
    The problem I have was no notice.

    You would be upset if you were on a trip and suddenly couldn't use your credit card. Because your bank decided to send you a new card without notice.

    Advance notice would have helped.

    Leave a comment:


  • DJDarknez
    replied
    You've got to be freakin' kidding me.

    A few years ago, my bank sent me a new credit card. Didn't ask for one. They just did it. New card number, new expiration date, new security code. I had to change my info with a whole ton of places...hosting companies, cell phone provider, everybody.

    Did I pitch a hissy fit? No, of course not. They do that for security reasons. So if for some reason, somebody got my card number, it would no longer be valid.

    So now vB does the same thing, for the same reasons, and a few people are getting mad because the site is MORE secure? You few people are nuts.

    For those who gave reasons: It is NOT vB's fault that YOU do not own the licenses and can no longer get in. The peson who DOES own the license should have given you access to that e-mail account for those odd situations (just like this) that CAN and DO come up.

    Leave a comment:


  • ShadyNight
    replied
    *WHEW* All sorted ... now I just have to go through the pain of changing MY e-mail! ROTFL!

    Leave a comment:


  • Jose Amaral Rego
    replied
    Why does not anyone buy a 'NoteBook' or just print off important information and sort it in a file? I had to add tabs to my notebook and now can just get the information quickly without any trouble. I glad the level of security has increase and jumping though hoops would be the least of anyones problems when running a site.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X