Comments on: LOVEFILM forgotten password antipattern http://aralbalkan.com/1256 Changing the world through technology and oratory. Thu, 20 Nov 2008 17:36:09 +0000 http://wordpress.org/?v=2.7-beta2 hourly 1 By: Simon http://aralbalkan.com/1256/comment-page-1#comment-166783 Simon Mon, 14 Jul 2008 18:58:29 +0000 http://aralbalkan.com/1256#comment-166783 Whats even more annoying is there doesn't currently seem to be a way to change your password once it has been reset. This has had me looking on the website for quite a while. Its in none of the obviously places. Whats even more annoying is there doesn’t currently seem to be a way to change your password once it has been reset.

This has had me looking on the website for quite a while. Its in none of the obviously places.

]]> By: mad_dog http://aralbalkan.com/1256/comment-page-1#comment-130130 mad_dog Thu, 27 Mar 2008 09:18:53 +0000 http://aralbalkan.com/1256#comment-130130 Hi, Actually this mechanism for password resets (sending a reset to your registered email address) is fairly common on the web. Some sites are even silly enough to send the existing password in the clear, rather than a random reset. I guess that I could sign up for tons of spam using your email address but would you complain that there was a flaw in such a system? If I know your email address and want to cause hassles for you, there are more inventive ways of annoying you than resetting your lovefilm ID. Much more important is how personal details are protected! I'd worry more about that than a password reset. As a means of DOS attack, it would be pretty lame and easily spotted. Hi,

Actually this mechanism for password resets (sending a reset to your registered email address) is fairly common on the web. Some sites are even silly enough to send the existing password in the clear, rather than a random reset.

I guess that I could sign up for tons of spam using your email address but would you complain that there was a flaw in such a system? If I know your email address and want to cause hassles for you, there are more inventive ways of annoying you than resetting your lovefilm ID.

Much more important is how personal details are protected! I’d worry more about that than a password reset. As a means of DOS attack, it would be pretty lame and easily spotted.

]]> By: Jon http://aralbalkan.com/1256/comment-page-1#comment-129434 Jon Tue, 25 Mar 2008 00:25:12 +0000 http://aralbalkan.com/1256#comment-129434 At least you know that they are encrypting your password. Too many websites store passwords in clear text and simple email you your existing password if you hit the "forgot password" button. At least you know that they are encrypting your password.

Too many websites store passwords in clear text and simple email you your existing password if you hit the “forgot password” button.

]]> By: Hendrik Mans » LOVEFILM forgotten password antipattern http://aralbalkan.com/1256/comment-page-1#comment-129000 Hendrik Mans » LOVEFILM forgotten password antipattern Sun, 23 Mar 2008 11:24:28 +0000 http://aralbalkan.com/1256#comment-129000 [...] LOVEFILM forgotten password antipattern. There are sites out there that still do that? Weird. [...] [...] LOVEFILM forgotten password antipattern. There are sites out there that still do that? Weird. [...]

]]> By: James Urquhart http://aralbalkan.com/1256/comment-page-1#comment-128804 James Urquhart Sat, 22 Mar 2008 22:35:02 +0000 http://aralbalkan.com/1256#comment-128804 Reminds me of very similar functionality in the popular web based Project Management solution, ProjectPier. If you just so happen to know the email address of any user in the system, you can quite simply reset their password via the "Forgot Password" screen. Absolutely ridiculous, imo. Reminds me of very similar functionality in the popular web based Project Management solution, ProjectPier. If you just so happen to know the email address of any user in the system, you can quite simply reset their password via the “Forgot Password” screen.

Absolutely ridiculous, imo.

]]> By: jankees http://aralbalkan.com/1256/comment-page-1#comment-128796 jankees Sat, 22 Mar 2008 21:59:36 +0000 http://aralbalkan.com/1256#comment-128796 That is pretty stupid indeed, I don't understand why openID is so rarly used... But Aral, weren't you a Flashprogrammer? You only write about other stuff :) (not that it is not interesting but I'd love some more swx...) That is pretty stupid indeed, I don’t understand why openID is so rarly used…

But Aral, weren’t you a Flashprogrammer? You only write about other stuff :) (not that it is not interesting but I’d love some more swx…)

]]> By: Aral http://aralbalkan.com/1256/comment-page-1#comment-128777 Aral Sat, 22 Mar 2008 21:13:27 +0000 http://aralbalkan.com/1256#comment-128777 LOL LOL

]]> By: Anonymous prick http://aralbalkan.com/1256/comment-page-1#comment-128771 Anonymous prick Sat, 22 Mar 2008 21:02:59 +0000 http://aralbalkan.com/1256#comment-128771 So.... what's your email address? So…. what’s your email address?

]]>