Guys, because I have a burning problem with a lost password, I am bugged by the issue, and want to see if we can get a better account recovery possibility. In summary, the mechanism that the devel list came up with is this:

Password Recovery with Assurance

Loss of Authentication to Accounts -- Loss of passwords -- is the biggest drain on support. Getting account recovery efficient and scaled is a big business issue. The current strategy is to offer multiple methods (such as PasswordRecovery).

This method uses the power of highly trusted Assurers to provide the necessary security. It has the advantage that it scales with the Assurer base, and binds the Assurers more closely to the Members.

Method

Personas

PersonaRoleTradition
AliceMember who has lost her passwordAlice is always the first party
BobAssurer who can conduct the assist to recoveryBob is the second party
Carol2nd Assurer if neededCarol is the third party
TrentTrent is the system Trent is the Trusted Third Party, traditionally this is the CA.

Flow

  1. Member Alice loses her password. Bummer.
  2. Alice arranges an assurance with (optional) password reset with Bob the Assurer.
    1. During assurance, Alice and Bob create A-WORD
    2. (Bob could also advise Alice on how to look after her passwords...)
    3. A-WORD is recorded on Bob's CAP form, and on a card given to Alice.
    4. Alice keeps her A-WORD on a business card until advised that the Assurance has been done.
    5. Assurer marks the A-WORD as entered (this part should work even if Bob already assured Alice.)
  3. Bob completes the assurance on the online system:
    1. Bob enters A-WORD from his CAP form. (this part should work even if Bob already assured Alice.)
    2. Assurer marks the A-WORD as entered on CAP form.
    3. If Bob decides not to assure, he should not enter A-WORD.
    4. As a work-around until the system accepts this, Bob mails A-WORD to the support email address within a signed email. Then, Support initiates the recovery process manually.
  4. When A-WORD is entered into the assurance system:
    1. System generates T-WORD (the Trent Word) as a random string, perhaps into a URL.
    2. T-WORD is mailed to Alice (her primary email address).
  5. When Alice receives the mail,
    1. Alice goes to site, enters the "Password-Recovery-With-Assurer" feature, probably by clicking on the URL.
    2. Alice enters A-WORD and T-WORD in separate boxes, clicks.
    3. If they match, system offers password reset.
  6. On password reset, system:
    1. Notifies all known email addresses.
    2. Offers chance to reset questions?
    3. Suggests that the Alice write her password down somewhere offline and safe.
    4. Anything else we can think of?

Questions

Which Assurer?

Can any Assurer do this? or only 50 point Assurers? Perhaps we should limit this, or watch it more closely for new Assurers.

An alternate is to require any two Assurers with any number of points. Hence, maybe Assurers <50 points are offered a box with A-WORD, and each Assurer enters his A-WORD and B-WORD for 50 points?

Then, a full (50 points) Assurer can be shown both boxes, so as to enter both A-WORD and B-WORD.

Lost login email address?

How does this work if the Member can't recall their login email address? :-/ Is there a possibility to modify the process to cope? No, as the user cannot even see their account.