Guest
home
beatmaps
rankings
community
store
help
forum
  1. Forums
  2. osu!
  3. Development
  4. Feature Requests
  5. Completed Requests

[resolved] [Web] E-mail/password changing confirmation via E-mail.

posted
Total Posts
11
This is a feature request. Feature requests can be voted up by supporters.
Current Priority: +0
KatouMegumi
923 posts
Joined May 2014
Topic Starter
KatouMegumi
I mean via old E-mail if you're changing account E-mail. That should protect users from account theft.
Cuz account theft is bad thing and protecting the users from account theft should be always good.
I hope it's isn't a duplicate.
Last edited by KatouMegumi , edited 1 time in total.
MillhioreF
Pro Tester
5,004 posts
Joined July 2011
MillhioreF
You already need to enter your password in order to change your email address. If someone has your password, the account is already stolen, so I don't see much point in this.
sLaiNi
34 posts
Joined May 2013
sLaiNi

MillhioreF wrote:

You already need to enter your password in order to change your email address. If someone has your password, the account is already stolen, so I don't see much point in this.
What he's telling is:
When someone steals your password and logs into your account, he can change your E-Mail/ Password without any problem, which results in the account completely being unable to access for you.

If you have to confirm an E-Mail first, he'd have to steal your E-Mail, too in order to take away your access to your account.

I guess that's what he's talking about.
Last edited by sLaiNi , edited 1 time in total.
KatouMegumi
923 posts
Joined May 2014
Topic Starter
KatouMegumi

MillhioreF wrote:

You already need to enter your password in order to change your email address. If someone has your password, the account is already stolen, so I don't see much point in this.
If account password was stolen?
Kitokofox
osu! Alumni
455 posts
Joined August 2012
Kitokofox
sLaiNi is kind of right. It would be good to include at least a backup means of verification that doesn't require something already used to access the account. So, for example, you could have a security question (Or two) that can be used to override.

Regardless, if you find unathorized usage of your account, you can mail the support team and let them know. They can verify if your account is being used by another address. That's probably a good step in the right direction on any account stealing.
Bauxe
1,624 posts
Joined August 2012
Bauxe
I 100% think this should be implemented.
XinCrin
2,846 posts
Joined January 2012
XinCrin
I forgot my e-mail password :(. Well this is useful but I don't know what to do if I forgot my e-mail o:
Bauxe
1,624 posts
Joined August 2012
Bauxe

XinCrin wrote:

I forgot my e-mail password :(. Well this is useful but I don't know what to do if I forgot my e-mail o:
You should use an email address that you actually know.
Piine
1,573 posts
Joined March 2012
Piine
To be honest, this should be implemented in general. The point Millihore have stated wouldn't make sense when someone would obviously have your password if your account was stolen.
Noffy
Nomination Assessment Team
1,659 posts
Joined April 2012
Noffy

Kitokofox wrote:

sLaiNi is kind of right. It would be good to include at least a backup means of verification that doesn't require something already used to access the account. So, for example, you could have a security question (Or two) that can be used to override.
I agree strongly with this, since it allows a user to protect their account using means that would not obviously be available to one who had already gotten the password and accessed the account.
This is better in my opinion than sending a confirmation e-mail for cases in which the user is trying to change the e-mail associated with their osu! account because of not being able to access the e-mail, and being unable to change it because changing the e-mail would require an e-mail confirmation, on the e-mail they can't access...
Stefan
Global Moderator
10,393 posts
Joined January 2011
Stefan
We currently have the verification system which appears if you either want to do changes on your profile or to your userpage. It obviously doesn't help when your account is stolen but for this there will be something added in the future from what I heard. At all, the point of this request does exist.
Please sign in to reply.

New reply

0
1 / 11