Mailinglist Archive: opensuse-project (240 mails)

Re: [opensuse-project] Re: Bugzilla account creation.
  • From: Rajko <rmatov101@xxxxxxxxxxx>
  • Date: Fri, 17 Aug 2012 19:07:08 -0500
  • Message-id: <20120817190708.41d37079@linux-zfki>
On Mon, 13 Aug 2012 16:50:03 +0000 (UTC)
Jim Henderson <hendersj@xxxxxxxxx> wrote:

https://secure-www.novell.com/selfreg/jsp/createSimpleAccount.jsp is
the Novell version of the "simple account" page.

Re-skinning will not help much, it has to be rewritten.

Left sidebar is all Novell:

Customer Center Home
----------------------
About Novell Login
Create an Account << leads to complicated page
Edit My Profile << after change it will proceed with [1]
Validate Email
Forgot > Password
User Name
Both

I did not analyze all paths, just 2 with comments.


Basic Novell Login Information:
Make only email info mandatory and then drop "I am not
associated with a company". It will make form simpler and more
acceptable to plain users.


Security question and answer:
I don't think that security question and answer are necessary.
It is used to recreate account access, where email should be a better
choice.

Security Q/A will give a chance to people that watch their passwords to
make a mistake choosing a simple word, or a little-known fact from their
life, and create a backdoor with a weaker lock than the main one.
Of course, it will ask malicious side to do some research on the
subject, but that is why it can be considered as a weak password.

Email is quite a dependable thing and it is easy to remember.

There are scenarios where email account is hijacked too, so all is
false, but security question^W^W weak password will not protect such
user.

There are other scenarios where users changed email service provider, but
forgot to change it in misc login and profile information. In that case
it is probably better to create a new account than to use Security Q/A.



[1] there is another "Continue" button that is asking about company
information, although it was checked that I'm not associated with any
company. BTW, that checkmark does not stick between 2 edits. There are
a couple of possible names for that; one is pestering people with own
bugs. That behavior is present as long as I remember the account creation
page. Nice, but not documented, is that logout at that moment preserves
all changes to profile, so no need to continue.

Should I say that I was a victim of that "Continue", and left the page
without logout? To my surprise, the account was working fine. How many
people would come up with the idea to login after something that appears as
a failed account creation?

--
Regards, Rajko