Leora (leora) wrote in suggestions,

Disable old emails for lost password retrieval

Title: Disabling old email addresses from being able to retrieve passwords

Short description:
Be able to disqualify any email address (other than the first one used with your LiveJournal) from being able to retrieve passwords as a more effective way of dealing with hacking, thus preventing hacked journals from being rehacked.

Full Description:
If a journal gets hacked, it should be easy to recover using the Lost Password page as it is currently set up. But if the person who hacked it validated his/her own email address then they can retake it just as easily. I don't think you should be able to disable your initial email address, otherwise people could hack accounts and then keep them from the original owner. But any later email address should be able to be removed - I think. It should only cause problems in cases where accounts were stolen (and if some really stupid user deliberately invalidated their own current email and then forgot the password, well that's just silly) so it shouldn't cause more problems than it solves.

Better protection for users who do lose their journals for some reason or other.
Less time needing to be spent by whomever handles such things since fewer problems means fewer people needing help.

Needs coding, of course. And it'd need a clear interface so people don't go stupidly putting their email address into it.

No clue, I can't code.
It could be on the Lost Info page since users would need to go there anyway. But it should have nice big clear warnings next to it explaining what it is for.
Tags: abuse, account management, § implemented differently
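
The rule proposed in this post, sketched as an added example (not LiveJournal's code and not written by the poster): later validated addresses can be disabled for password retrieval, while the initial one never can. The `RecoveryEmails` class, its method names and the sample addresses are all hypothetical.

```python
class RecoveryEmails:
    """Validated addresses on one account, oldest first (hypothetical model)."""

    def __init__(self, initial):
        self.initial = initial.lower()
        self.validated = [self.initial]
        self.disabled = set()

    def validate(self, address):
        # Whoever controls the account can validate a new address,
        # which is how an intruder keeps a way back in.
        address = address.lower()
        if address not in self.validated:
            self.validated.append(address)

    def disable(self, address):
        address = address.lower()
        if address == self.initial:
            # Otherwise an intruder could lock out the original owner.
            raise PermissionError("the initial address can never be disabled")
        if address not in self.validated:
            raise KeyError(address)
        self.disabled.add(address)

    def may_reset(self, address):
        # Only validated, non-disabled addresses may retrieve the password.
        address = address.lower()
        return address in self.validated and address not in self.disabled


def rehack_scenario():
    acct = RecoveryEmails("owner@example.org")      # constructed sample data
    acct.validate("intruder@example.net")           # added during the compromise
    before = acct.may_reset("intruder@example.net")
    acct.disable("intruder@example.net")            # owner, after recovering
    after = acct.may_reset("intruder@example.net")
    try:
        acct.disable("owner@example.org")           # must be refused
        initial_removed = True
    except PermissionError:
        initial_removed = False
    return before, after, acct.may_reset("owner@example.org"), initial_removed


if __name__ == "__main__":
    print(rehack_scenario())
```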