Modern Vespa

Ever since I revamped the password reset mechanism here on Modern Vespa, I have been surprised (and maybe a little bit alarmed) at how often it is actually used. I added logging to the feature while I was re-writing it, as much to help me debug and diagnose any lingering issues as anything. What I thought was a rarely-used feature turns out to be... well, not so rare.

So, if you don't mind, tell me about your experience changing your MV password, any time in the last year or so. What parts worked well, what didn't work very well, and what led to the need to reset it.

I'm genuinely interested.

For 'fun', I just reset mine. I used the forgot my password feature and it worked perfectly. My phone remembers my passwords as I'm old and forget things. But mostly I like monster cookies.

What I have to say you probably already know. I lost my phone and with it access to the email that was stored on MV database. I was stuck. I guess it's just a security feature. But I was pretty much unable to reset my password because MV would send a token to the email that I no longer had access to.

It was all resolved when I remembered that I had an old tablet with the remember password installed on it. But I could not pair the tablet to my new phone. So I went to a hotspot with the old tablet and voila the remember password was my lifesaver.

I think the takeaway from this is that an email address is very much a lifeline to a whole range of services, not just MV. Out of all the passwords that we use on a regular basis, the sign-in details for our email accounts are probably the most important. Nearly everything can be reset by proving that you own the email account.

If you haven't already, you should probably set your MV email to an address that you know you won't lose access to. If this means writing down the password for the email account and putting it in a safe place, so be it.

This might also be a good time to mention my current favorite non-gmail email provider. It's a paid service, and works a bit differently than most email platforms, but it has become my main email account.

It's called Hey, and it has changed my very long and painful relationship with email for the better. You can use it for free during a trial period to see how you like it.

Resetting mine just now worked like a charm. It only took around 10 seconds to get the reset email from you.

Reason: I am a retired computer geek and change 179 passwords every few months. This post just happened to remind me it's about time.

Should have been faster The current code will react to a password reset in under a second, including sending the email. Unless you catch it near the 10 minute mark, when the daemon briefly re-launches itself. I'm also a retired computer geek, and I can say with some confidence that your Modern Vespa password probably doesn't need to be on the highly-secure list. Worst case scenario, someone impersonates you here.

I lost my old email address and never updated it soon I can't get into my old account. Tried to email an admin a few years back. So that part was unfortunate.

No worries about that. Just look at my profile pic. Who would even want to be me. Lurker since 07, and still just sitting here quietly.

I realized the other day that all of my 50 or so e-mail addresses ultimately are run by the same company, including those with my personal mail domain.
So to avert an apocalypse, I added yet another adress to the zoo. Mailbox.org ticked a lot of my boxes. Then I moved my amazon login to the new e-mail address. Maybe I should do the same with my MV login.
Hey looks interesting, but I've never really had a problem with e-mail as it is.

I had a similar realization recently, but with respect to my AppleID and my main email address being reciprocally tied to each other. It seemed like a recipe for a catch-22 problem, so I decided to move to a non-iCloud email address. Email has, at various times in my life, become a full-time occupation. My relationship with email goes back a long, long way, well before the dawn of the World Wide Web. At some point, I realized that all the time I spent on email could be better spent on something else, and so I started to look for a different solution. Hey.com has about the right balance for me. YMMV.

Probably works well, but my reset got sent to an email I no longer have access to. Would be nice to have a security question option to reset if possible?

Note: talking about a different, much older account I used to have (Ape)

Perhaps a code sent to a mobile phone? People tend to hang on to phone numbers even when they change carriers.

Also, I note that it's so cheap these days to purchase own's own domain - one can then have all email to it forwarded to whatever current ISP's email provision is (or gmail or whatever) and it'll stay the same address (or multiple addresses) for as long as you have that domain. I'm surprised so few people do this, or even know it can be done. You're no longer beholden to an ISP for email provision, which for some people means they feel stuck with a poor provider, much like people not leaving a bad employer just because of health insurance...

That's probably more viable than security questions (which are largely out of fashion these days). It still wouldn't have helped Max, though, who lost his phone. There's also the small problem of mobile vs. non-mobile phone numbers, and the ability to receive text messages. Personally, I'm wary of any website that asks for my phone number, but maybe I'm just paranoid. Agreed that's a reasonable approach. The obstacle is probably just navigating domain registrars and the arcanery of domain settings.

You can also have iCloud handle email for your own domain name, too -- for those that have iCloud accounts, anyway. (I haven't actually tried this myself yet, but am interested in experimenting with it).

Graylisting can be annoying when you use your own mail domain. In fact, my mails to you, Jim, regularly bounce because I don't have a website associated with my domain (any longer).

Unlike most instances of my resetting my password, on MV the reason wasn't because I forgot mine. Rather, it was because I was notified by an outside security source I subscribe to that this site had been compromised (several years ago), and with it my password had been compromised.

The actual act of resetting the password was smooth and painless.

That's doable as a last resort. I did it once and it worked. But we tend to forget that the moderators have lives as well. And apparently they were all busy following Dave's head gaskets thread.

News to me.

That said, I've been notified by iOS that various passwords on various services have been compromised. It's rarely the case (as in, almost never) that the site where I used the password was actually compromised. The far more common case is that a password I used happens to match a password that showed up in a dump of compromised passwords, disconnected from any user ID I might actually have been using.

On the other hand, if the outside security source said specifically that modernvespa.com had been compromised, I'd appreciate hearing about it.

Just for no website? That's unreasonable.

Email to all my domains should get through to me - no blocks in place. However, I forward all email to the crowth.org.uk domain though a gmail account (for surprisingly efficient spam filtering) and back again to postmaster@ - maybe gmail are bouncing some. If it happens again, I'd like to see the bounce details.

I had a feeling, but it seemed a small bother to just change the password there rather than get you or the moderators involved in a Q&A session.