Mailinglist Archive: opensuse-project (240 mails)

< Previous Next >
[opensuse-project] Re: Bugzilla account creation.
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Sat, 18 Aug 2012 05:55:48 +0000 (UTC)
  • Message-id: <k0nap3$jfr$2@ger.gmane.org>
On Fri, 17 Aug 2012 19:07:08 -0500, Rajko wrote:

On Mon, 13 Aug 2012 16:50:03 +0000 (UTC)
Jim Henderson <hendersj@xxxxxxxxx> wrote:

https://secure-www.novell.com/selfreg/jsp/createSimpleAccount.jsp is
the Novell version of the "simple account" page.

Re-skinning will not help much, it has to be rewritten.

Left sidebar is all Novell:

IIRC, the left sidebar is brought in with the CSS; as such, that's
essentially re-skinning work. Relative to designing a completely new
page and ensuring that the mandatory information needed on the backend is
in place, adjusting this is likely a trivial thing.

Basic Novell Login Information:
Make only email info mandatory and then drop "I am not associated with a
company". It will make form simpler and more acceptable to plain users.

Perhaps a default of "not associated"? Some people may well want to
specify a company.

Security question and answer:
I don't think that security question and answer are necessary.
It is used to recreate account access, where email should be better
choice.

Security Q/A will give a chance to people that watch their passwords to
make a mistake choosing simple word, or little known fact from their
life, and create a backdoor with weaker lock then the main one.
Of course, it will ask malicious side to do some research on the
subject, but that is why it can be considered as a weak password.

These two are necessary - part of the integrated way in which account
access is regained if a password is lost. Changing that has implications
on the backend from what I understand.

Remember that this isn't (nor is the intention to) completely rip out the
backend - we have too much that depends on it. The goal is to simplify
things for oS users.

The implications of having to create a new account if a password is lost
or stolen are pretty huge. Edits on the wiki, posts in the forums,
access to SUSE Studio appliances, information stored in Connect - all of
that becomes inaccessible.

Better to have a way for the user to recover their account. (Not that
that's really an option /not/ to have here - AFAIK it isn't)

Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups