Leora (leora) wrote in suggestions,

Secure Removal of first email address

Short, concise description of the idea
Remove the security risk of not allowing the removal of the first email address without adding a significant increase to security by allowing the removal of it.

Full description of the idea
Create a system for allowing the removal of the first email address. Probably something along the lines of the following, although the time periods can be altered based on people's estimation of necessary security.

If I have foo@first.com as my first email address and now use bar@second.com but still have access to foo@first.com allow me to select for the removal of foo@first.com after switching to it and validating. However, to prevent obvious security concerns, require a large time delay. If I want to remove the address, have a warning sent to the email address once per month for say 3 months that this address will no longer have access to this LiveJournal account unless I click something that says abort.

If I don't have access to foo@first.com still allow removal, but increase the time amount and still send the emails. Perhaps say 6 months. And also send emails to the currently validated address so that it can be aborted from either side, in case of a compromised account.

This allows legitimate owners to not have their accounts taken over, since they have enough time to handle any temporary security issues. While allowing people to graduate from college, migrate away from an ISP, and do other things that people do without destroying their LiveJournal account's security.

An ordered list of benefits
  • Security increase for every user who needs to switch email addresses and lose access to their first validated email address.
  • It allows people who are moving/graduating/changing ISPs to plan the change smoothly and gracefully with no loss of security. It might even if we're massively lucky encourage some people to put in their new email address so they don't lose access to their account when they forget their password (yeah, that part's a long shot).
  • It's a much easier to explain system and I think will result in happier users. A lot of users don't like that their only options are to not register for an LJ until they have a static life-long email address, forever have an insecure account, or open a new account and manually move all of the entries and lose all of the comments and the connection with the previous account.

An ordered list of problems/issues involved
  • There is a slight security decrease from people who gain access to someone's email address. However, they will need to wait months for their goal and have the other person do nothing.
  • It will require coding, explaining, FAQ writing, support answering, etc.
  • It will require the system to send out more emails and keep track of when to send them, which increases the load on the system. The feature will likely be used heavily at first, as many people clean up their email management lists to secure them, but then dwindle to a small, steady drain.

An organized list, or a few short paragraphs detailing suggestions for implementation
  • I don't know how to code it, but the detailed description explains one way it could work. It wouldn't be that far different from the current email management system, although it would require a new message for removal of the first email address, since it would need to inform the user of the time delay and ability to abort that will occur. There are already pieces of code in place for sending out emails after various time intervals, used for paid time expiration emails, this could probably use similar code.
Tags: account management, security, § implemented
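
The delay-and-abort flow proposed in the post above, sketched as an added example (not part of the original post and not LiveJournal's code). The class name, the 30-day month, and sending the first warning on the request date are assumptions; the 3- and 6-month delays and the addresses come from the post.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

MONTH = timedelta(days=30)  # assumption: "once per month" modelled as 30 days


@dataclass
class FirstAddressRemoval:  # hypothetical name, not a LiveJournal class
    first_address: str
    current_address: str
    requested_on: date
    old_address_validated: bool  # requester proved access to the first address
    aborted_by: Optional[str] = None

    def delay_months(self) -> int:
        # 3 months with proof of access, 6 months without (figures from the post)
        return 3 if self.old_address_validated else 6

    def recipients(self) -> List[str]:
        # Without proof of access the current address is warned too,
        # so the request can be aborted from either side.
        if self.old_address_validated:
            return [self.first_address]
        return [self.first_address, self.current_address]

    def warning_dates(self) -> List[date]:
        # Assumption: first warning goes out on the day of the request.
        return [self.requested_on + MONTH * i for i in range(self.delay_months())]

    def effective_on(self) -> date:
        return self.requested_on + MONTH * self.delay_months()

    def abort(self, address: str) -> None:
        # Only an address that receives the warnings may cancel the removal.
        if address not in self.recipients():
            raise PermissionError(f"{address} cannot abort this request")
        self.aborted_by = address

    def should_remove(self, today: date) -> bool:
        # Removal happens only after the full delay and only if nobody aborted.
        return self.aborted_by is None and today >= self.effective_on()


if __name__ == "__main__":
    # Constructed sample: owner lost access to foo@first.com.
    req = FirstAddressRemoval("foo@first.com", "bar@second.com", date(2024, 1, 1), False)
    print(req.recipients(), req.warning_dates(), req.effective_on())
```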
