Alternate Account Ownership Validation

Feb 29, 2008 06:57


Title
Alternate Account Ownership Validation

Short, concise description of the idea
Make it possible to prove you own an account other than with an e-mail address.

Full description of the idea
This is something I've seen come up several times on the Support Board (after submitting a similar request of my own). People have lost passwords to older ( Read more... )

account creation, security, email validation, § implemented, password reset, account management

Comments 20

charliemc April 9 2008, 15:43:18 UTC
+1

I'm not sure what this might be, but I have to admit I've had SEVERAL email accounts in the past ten years -- and it's very easy to forget one or two. I suppose we should always set up accounts with our major emails, but let's face it, we don't always do that!

Anyway, this sounds like a good idea.


dropsofviolet April 9 2008, 15:46:40 UTC
Great idea! I have one of those accounts. -.-";; +1


nakeisha April 9 2008, 16:06:06 UTC
Good idea.


pinterface April 9 2008, 16:27:23 UTC

... )

rebelsheart April 9 2008, 17:35:28 UTC
agreed. find a method that isn't so easily cracked and I'd support it.


lied_ohne_worte April 9 2008, 16:37:40 UTC
Sorry, but I have to say no. I'm often appalled by how easy such "security questions" are to answer for anyone who is a family member or a close friend of the person who owns the account. And there are far too many cases of people's accounts being accessed by exactly those people. Having "security questions" would encourage such abuse.

And a password should ideally be random enough - special characters, numbers etc. - that it can't be guessed by anyone, including people who know you. If the password hint is something like "my goldfish's name, plus the first two numbers in my phone number", this essentially means that the password is practically worthless because anyone who has a phone directory and has met my [hypothetical] goldfish can just fill it in.

The problem is that people wouldn't use features like this only to gain access to their own old accounts. I realise that it is annoying if you lose an account because you didn't update the email address. But it can't be the solution to lower account security for everyone.

lied_ohne_worte April 9 2008, 17:25:53 UTC
Also, who would define the security questions? On the sites I have seen, there were two possible options.

1. The site defines them. This means that those questions will need to be of an extremely general nature. Even if you have several to choose from, there usually won't be one among them that can't be answered by others ( ... )

pauamma April 9 2008, 19:02:25 UTC
There's a way to work around this, assuming reasonably security-conscious users: make it so the user has to specify 2 answers to the question: an easy-to-guess answer, and the real one. (In your case, the question may be "country of origin", the easy-to-guess answer could be "Germany", and the real answer would be completely unrelated to the question (in this case, it could be "Edgar G. Robinson").) An attempt to regain access by giving the real answer works. An attempt to regain access by giving the easy-to-guess answer gets your account suspended instead.

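The two-answer scheme from the comment above, sketched as an added example that is not part of the original thread or of LiveJournal's code. `RecoveryRecord`, `MAX_MISSES`, the PBKDF2 storage and the lockout after repeated plain misses are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_MISSES = 3  # assumption: plain wrong answers allowed before recovery locks


def _normalize(answer):
    # Fold case, Unicode form and spacing so typing style does not matter.
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def _digest(answer, salt):
    # Store only a slow salted hash, never the answer itself.
    return hashlib.pbkdf2_hmac("sha256", _normalize(answer), salt, 100_000)


class RecoveryRecord:
    """Hypothetical per-account record: one question, a real and a decoy answer."""

    def __init__(self, question, real, decoy):
        if _normalize(real) == _normalize(decoy):
            raise ValueError("real and decoy answers must differ")
        self.question = question
        self.salt = os.urandom(16)
        self.real = _digest(real, self.salt)
        self.decoy = _digest(decoy, self.salt)
        self.misses = 0
        self.state = "active"  # "active", "suspended" (decoy hit) or "locked"

    def attempt(self, answer):
        if self.state != "active":
            return self.state
        got = _digest(answer, self.salt)
        # Evaluate both comparisons, each in constant time, before branching.
        is_real = hmac.compare_digest(got, self.real)
        is_decoy = hmac.compare_digest(got, self.decoy)
        if is_real:
            self.misses = 0
            return "granted"
        if is_decoy:
            self.state = "suspended"  # the obvious answer marks a likely guesser
            return "suspended"
        self.misses += 1
        if self.misses >= MAX_MISSES:
            self.state = "locked"
            return "locked"
        return "denied"
```

Once the record is suspended or locked, even the real answer is refused, so a deployment of this sketch would need a separate, support-side way to restore the account.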

kightp April 9 2008, 19:50:11 UTC
Alas, my memory for such things is so lousy that I'd almost certainly wind up with a suspended account under those circumstances. The whole point of "ask a question" security is that it provides a mnemonic of sorts to remind the person toward whatever the hell they answered way back when.

