Guys, because I have a burning problem with a lost password, I am bugged
by the issue, and want to see if we can get a better account recovery possibility.
In summary, the mechanism that the devel list came up with is this:
Password Recovery with Assurance
Loss of Authentication to Accounts -- Loss of passwords --
is the biggest drain on support.
Getting account recovery efficient and scaled is a big business issue.
The current strategy is to offer multiple methods
(such as PasswordRecovery).
This method uses the power of highly trusted Assurers to
provide the necessary security.
It has the advantage that it scales with the Assurer base,
and binds the Assurers more closely to the Members.
Method
Personas
Persona | Role                                           | Tradition
--------|------------------------------------------------|-----------------------------------------------------------------
Alice   | Member who has lost her password               | Alice is always the first party
Bob     | Assurer who can conduct the assist to recovery | Bob is the second party
Carol   | 2nd Assurer, if needed                         | Carol is the third party
Trent   | The system                                     | Trent is the Trusted Third Party; traditionally this is the CA.
Flow
- Member Alice loses her password. Bummer.
- Alice arranges an assurance with (optional) password reset with Bob the Assurer.
- During assurance, Alice and Bob create A-WORD.
  - (Bob could also advise Alice on how to look after her passwords...)
  - A-WORD is recorded on Bob's CAP form, and on a card given to Alice.
  - Alice keeps her A-WORD on a business card until advised that the Assurance has been done.
- Bob completes the assurance on the online system:
  - Bob enters A-WORD from his CAP form.
    (This part should work even if Bob already assured Alice.)
  - Assurer marks the A-WORD as entered on the CAP form.
  - If Bob decides not to assure, he should not enter A-WORD.
  - As a work-around until the system accepts this, Bob mails A-WORD to the support
    email address within a signed email. Then, Support initiates the recovery process manually.
- When A-WORD is entered into the assurance system:
  - System generates T-WORD (the Trent Word) as a random string, perhaps into a URL.
  - T-WORD is mailed to Alice (her primary email address).
- When Alice receives the mail:
  - Alice goes to the site and enters the "Password-Recovery-With-Assurer" feature, probably by clicking on the URL.
  - Alice enters A-WORD and T-WORD in separate boxes, clicks.
  - If they match, system offers password reset.
- On password reset, system:
  - Notifies all known email addresses.
  - Offers chance to reset questions?
  - Suggests that Alice write her password down somewhere offline and safe.
  - Anything else we can think of?
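As an added illustration, not part of the original proposal or of any CAcert code, here is a small Python model of Trent's side of the flow: the Assurer's A-WORD and the system's T-WORD are kept only as hashes, both must match the same live ticket before a reset is offered, the ticket is single-use and expires, and every known address is notified on reset. The class and method names, the 24-hour lifetime, the mailer stand-in and the whitespace/case normalisation of the hand-copied A-WORD are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class RecoveryTicket:
    member_email: str      # Alice's primary (login) address
    a_word_hash: bytes     # A-WORD as entered by the Assurer, never stored in clear
    t_word_hash: bytes     # T-WORD minted by the system, also stored hashed
    issued_at: float
    used: bool = False

def _digest(word: str) -> bytes:
    # A-WORD is copied by hand from a card, so tolerate case and spacing differences (assumption)
    return hashlib.sha256(word.strip().upper().encode()).digest()

class Trent:
    """The system (Trent): mints T-WORD, mails it, and checks both words on reset."""
    TTL_SECONDS = 24 * 3600      # assumed lifetime of a T-WORD

    def __init__(self) -> None:
        self.tickets = {}        # member_email -> RecoveryTicket
        self.known_emails = {}   # member_email -> all addresses known for that Member
        self.outbox = []         # constructed stand-in for the mailer: (address, body)

    def assurer_enters_a_word(self, member_email: str, a_word: str, now: float) -> str:
        """Bob enters A-WORD from his CAP form; Trent mints T-WORD and mails it to Alice."""
        t_word = secrets.token_urlsafe(16)
        self.tickets[member_email] = RecoveryTicket(member_email, _digest(a_word), _digest(t_word), now)
        self.outbox.append((member_email, f"Recovery link: https://example.invalid/recover?t={t_word}"))
        return t_word   # returned only so a test can play Alice reading her mail

    def alice_submits(self, member_email: str, a_word: str, t_word: str, now: float) -> bool:
        """Alice enters A-WORD and T-WORD; reset is offered only if both match one live ticket."""
        ticket = self.tickets.get(member_email)
        if ticket is None or ticket.used or now - ticket.issued_at > self.TTL_SECONDS:
            return False
        # Compare both words in constant time before deciding, so neither can be guessed alone
        ok_a = hmac.compare_digest(ticket.a_word_hash, _digest(a_word))
        ok_t = hmac.compare_digest(ticket.t_word_hash, _digest(t_word))
        if not (ok_a and ok_t):
            return False
        ticket.used = True   # single use: a replayed link does nothing
        for addr in self.known_emails.get(member_email, [member_email]):
            self.outbox.append((addr, "Your password was reset via Assurer-assisted recovery"))
        return True
```

A failed attempt leaves the ticket unused, so Alice can retry a mistyped word within the lifetime; a production system would additionally cap the number of attempts per ticket.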
Questions
Which Assurer?
Can any Assurer do this, or only 50-point Assurers?
Perhaps we should limit this, or watch it more closely for new Assurers.
An alternate is to require any two Assurers with any number of points.
Hence, maybe Assurers with fewer than 50 points are offered a box with A-WORD,
and each of two such Assurers enters his A-WORD and B-WORD for 50 points?
Then, a full (50 points) Assurer can be shown both boxes,
so as to enter both A-WORD and B-WORD.
Lost login email address?
How does this work if the Member can't recall their login email address? :-/
Is there a possibility to modify the process to cope? No, as the user
cannot even see their account.