[feature-proposal] Forgot password improvements

Ewout ter Haar ewout at usp.br
Mon Nov 11 16:24:43 BRST 2013


In case of n>1, just returning the complete name and maybe the avatar for
disambiguation should be enough and not "privacy destroying". This is all
public information in Noosfero:
http://social.stoa.usp.br/search/people?query=jose

Of course, a rate-limit system that detects and blocks multiple password
recovery attempts would be nice...

Ewout

http://social.stoa.usp.br/ewout <http://stoa.usp.br/ewout>
F. 30916696


On Mon, Nov 11, 2013 at 4:08 PM, "Aurélio A. Heckert" <
aurelio at colivre.coop.br> wrote:

>  Hey Wait!!!
>
> Facebook does not "returns back with the profile info (photo, name etc)
> asking you to confirm if that's you." today.
>
> That is a machine to destroy *privacy*. You can't display the found
> profiles with some related data or someone can discover sensitive
> information with *brute force*.
>
> Today Facebook asks for other information while it finds more than one
> profile (if I understand it right).
>
>  Aurium
>
>
> On 06-11-2013 13:20, Hugo wrote:
>
> On 05-11-2013 23:44, Ewout ter Haar wrote:
>
>  On Tue, Nov 5, 2013 at 11:37 PM, Caio Tiago Oliveira <caiotiago at colivre.coop.br> wrote:
>
>  If the intersection is not empty (the sets aren't disjoint), the only
> way to avoid sending multiple emails in case of conflicts is to ask
> for the combination of field and value.
>
>  We can safely assume the intersection is not empty. We have various
> people using their USP number as login.
>
> Why do want so desperately to avoid sending multiple emails? I return to
> my original question: would this inconvenience be worth the usability
> gain? I say yes.
>
>  I stopped a little bit to look for other ways of doing this keeping
> usability.
>
> Facebook accepts phone, mail and login in one field.
> It always returns back with the profile info (photo, name etc) asking
> you to confirm if that's you.
>
> We could implement that solution just for "User.count > 2".
>
> It doesn't need to be complex, just placing the name of the person next
> to the name of the field it matched in the search.
>
> What do you think?
>
>
>  Ewout
> _______________________________________________
> Noosfero-dev mailing list
> Noosfero-dev at listas.softwarelivre.org
> http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
>
>
>
> --
>
> *Aurélio A. Heckert (aka Aurium)*
> http://softwarelivre.org/aurium
> *COLIVRE — Coop. de Tecnologias Livres*
> http://colivre.coop.br
>
> *Inkscape* — Draw Freely
> http://inkscapeBrasil.org
>
>
>
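
The thread weighs three options for an ambiguous identifier: mailing every account it matches, not revealing which profiles matched, and rate-limiting recovery attempts. The Ruby example below combines them; it is an added example, not Noosfero code, and the `User` fields, class names, limits and sample accounts are constructed assumptions.

```ruby
# Added example; names, fields and limits are assumptions, not Noosfero code.
User = Struct.new(:login, :email, :usp_number)
# Constructed accounts: ana's login equals jose's USP number, so one
# submitted value matches two different people.
SAMPLE_USERS = [
  User.new("jose", "jose@example.org", "1234567"),
  User.new("1234567", "ana@example.org", "7654321")
].freeze

# Sliding-window limiter keyed by client (for example the source IP).
class RecoveryLimiter
  def initialize(max_attempts:, window:)
    @max = max_attempts
    @window = window
    @hits = Hash.new { |h, k| h[k] = [] }
  end

  # Returns true and records the attempt while the client is under the limit.
  def allow?(client, now)
    recent = @hits[client].select { |t| now - t < @window }
    @hits[client] = recent
    return false if recent.size >= @max
    recent << now
    true
  end
end

class PasswordRecovery
  GENERIC = "If an account matches, recovery instructions were sent by email."
  THROTTLED = "Too many recovery attempts, try again later."
  attr_reader :outbox # addresses that would be mailed; stands in for the mailer

  def initialize(users, limiter)
    @users, @limiter, @outbox = users, limiter, []
  end

  # One input field; every account matching on any field is mailed, and the
  # reply is identical for zero, one or many matches.
  def request(value, client:, now:)
    return THROTTLED unless @limiter.allow?(client, now)
    key = value.to_s.strip.downcase
    hits = @users.select do |u|
      [u.login, u.email, u.usp_number].compact.map(&:downcase).include?(key)
    end
    hits.each { |u| @outbox << u.email }
    GENERIC
  end
end
```

Because the reply never depends on the lookup result, repeated guesses learn nothing about which logins, addresses or USP numbers exist, and the limiter bounds how many guesses a client can make per window.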