helloandgoodbye9 wrote:

Abstract- wrote:

BookOwl wrote:

liam48D wrote:

DaSpudLord wrote:

liam48D wrote:

DaSpudLord wrote:

Firedrake969 wrote:

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

Yeah, that's what I was talking about - it would solve a problem, yes, but it would also create a problem.

If you lost the password to your e-mail account, then that's your fault for not keeping better track of it.

What if somebody who had your old email changed its password and now you can't get in to change your Scratch email to your new email?

Why would you give someone your email account?

Who said I gave them it? Maybe I accidentally left the account logged in at school! (not that I go to school, but you get the demo; also I guess that's still technically giving the account to them but y'know what I mean)

At that point I guess you should use contact us but I don't see why you should have to be forced to go through all the hassle. Plus suppose you – unknowing of the change – tried to change your password, then the email would be sent to your old email account, at which point any malicious new owner of your email account would be reminded that they can mess with your Scratch things.

EDIT: fixed grammar a little

At this point the poor kid has bigger problems than their scratch account being deleted.
Support for email confirmation for account deletion and email switching.

Who said it was a kid? Maybe it was a 80-year-old-man who didn't know how to log out.

(Something similar has happened to me) What if you pay for a email, and then stop paying. How could you confirm it?

DaSpudLord wrote:

helloandgoodbye9 wrote:

Abstract- wrote:

BookOwl wrote:

liam48D wrote:

DaSpudLord wrote:

liam48D wrote:

DaSpudLord wrote:

Firedrake969 wrote:

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

Yeah, that's what I was talking about - it would solve a problem, yes, but it would also create a problem.

If you lost the password to your e-mail account, then that's your fault for not keeping better track of it.

What if somebody who had your old email changed its password and now you can't get in to change your Scratch email to your new email?

Why would you give someone your email account?

Who said I gave them it? Maybe I accidentally left the account logged in at school! (not that I go to school, but you get the demo; also I guess that's still technically giving the account to them but y'know what I mean)

At that point I guess you should use contact us but I don't see why you should have to be forced to go through all the hassle. Plus suppose you – unknowing of the change – tried to change your password, then the email would be sent to your old email account, at which point any malicious new owner of your email account would be reminded that they can mess with your Scratch things.

EDIT: fixed grammar a little

At this point the poor kid has bigger problems than their scratch account being deleted.
Support for email confirmation for account deletion and email switching.

Who said it was a kid? Maybe it was a 80-year-old-man who didn't know how to log out.

(Something similar has happened to me) What if you pay for a email, and then stop paying. How could you confirm it?

In this day and age, why would you pay for an e-mail? There are plenty of free e-mail sites, like AOL and Gmail.

DaSpudLord wrote:

customhacker wrote:

I would support this exept for one reason. They could switch the email adress to theirs!

That's actually a good point. What if we had a confirmation for switching e-mail, too?

Regardless, I support.

parceL wrote:

oh good, let's add more needless security measures that will do nothing but frustrate users who actually want to delete their account. seriously, do you guys really think email confirmation would stop a hacker? if they've gone this far to break into your account, that's not gonna do squat. no support.

parceL wrote:

mario91100_TEST wrote:

parceL wrote:

oh good, let's add more needless security measures that will do nothing but frustrate users who actually want to delete their account. seriously, do you guys really think email confirmation would stop a hacker? if they've gone this far to break into your account, that's not gonna do squat. no support.

E-mail confirmation would, for the most part, stop a hacker. You shouldn't even have the same password for different accounts, and if you do, you have a bigger problem than just your Scratch account being wrecked.

first, that argument makes no sense. how does having the same password for multiple accounts affect anything? when i said email confirmation wouldn't help anything, i meant that the hacker would be able to easily change the linked email to a different one, and from there confirm the password change. second, even if having the same password for multiple accounts did matter, what “bigger problems” are you referring to? a hacker wouldn't be able to know what other sites i inhabit. none of my accounts elsewhere would necessarily be at risk.

NowhereCollabs wrote:

parceL wrote:

mario91100_TEST wrote:

parceL wrote:

oh good, let's add more needless security measures that will do nothing but frustrate users who actually want to delete their account. seriously, do you guys really think email confirmation would stop a hacker? if they've gone this far to break into your account, that's not gonna do squat. no support.

E-mail confirmation would, for the most part, stop a hacker. You shouldn't even have the same password for different accounts, and if you do, you have a bigger problem than just your Scratch account being wrecked.

first, that argument makes no sense. how does having the same password for multiple accounts affect anything? when i said email confirmation wouldn't help anything, i meant that the hacker would be able to easily change the linked email to a different one, and from there confirm the password change. second, even if having the same password for multiple accounts did matter, what “bigger problems” are you referring to? a hacker wouldn't be able to know what other sites i inhabit. none of my accounts elsewhere would necessarily be at risk.

The “bigger problem” is that, if you have the same password for separate accounts, then the hacker could access those as well, with several methods of finding out what and where the accounts are (for varying levels of dedication, too. Just seeing the posts people make and their signatures can be good starting points.).

Also, the “e-mail change” thing is a pretty good point. I think it came up earlier in this thread somewhere, but either way, it ties back into the problem of having the same password for multiple accounts; if your Scratch and E-mail passwords are the same, the hacker can just use the same pass to get into your e-mail and wreak far more havoc than they ever could on Scratch.

NanoRook wrote:

Support. Security of others is important.

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

jokebookservice1 wrote:

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

How will you remember the pin?

helloandgoodbye9 wrote:

jokebookservice1 wrote:

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

How will you remember the pin?

Also, a six digit pin can be cracked in 25 milliseconds, according to howsecureismypassword.net.

Firedrake969 wrote:

helloandgoodbye9 wrote:

jokebookservice1 wrote:

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

How will you remember the pin?

Also, a six digit pin can be cracked in 25 milliseconds, according to howsecureismypassword.net.

There are only a million combinations to try

jokebookservice1 wrote:

Firedrake969 wrote:

helloandgoodbye9 wrote:

jokebookservice1 wrote:

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

How will you remember the pin?

Also, a six digit pin can be cracked in 25 milliseconds, according to howsecureismypassword.net.

There are only a million combinations to try

Yes, but surely if they hash with salt it will take like 16 minutes per user (assuming 1 milisecond per hash).
But yeah. If you are attacking an account, 16 minutes isn't much

venyanwarrior wrote:

jokebookservice1 wrote:

Firedrake969 wrote:

helloandgoodbye9 wrote:

jokebookservice1 wrote:

venyanwarrior wrote:

scratchisthebest wrote:

Firedrake969 wrote:

How would you confirm switching the email? An email confirmation probably wouldn't work

It would.

If I guess User1's password (say it's hunter2), I can log into their account and delete their account (by typing in hunter2)

With this suggestion only, I would be able to login to their account using hunter2, change their email to my email, and then delete their account that way. It doesn't actually prevent anything

If I needed to send an email to the old email address before I could change my email, it would then be impossible unless the password to their email is also guessed. (And if that happens you probably deserve it for using the same password.)

BUT, if I'm changing my email because I lost the password to the old one, I can't change my Scratch email legitimately any more and that's dumb.

maybe you can choose a 6 digit pin?

How will you remember the pin?

Also, a six digit pin can be cracked in 25 milliseconds, according to howsecureismypassword.net.

There are only a million combinations to try

Yes, but surely if they hash with salt it will take like 16 minutes per user (assuming 1 milisecond per hash).
But yeah. If you are attacking an account, 16 minutes isn't much

maybe info like: What is your fav. cookie? or: what is your age? or something.