Question about accounts with invalid email addresses

[Bizmark13]

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

[Decksperiment]

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

[Chijio]

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

i guess it will be safe if you create new email address for your active accounts just in case the migration happens..

[Muhammed Zakir]

Create a new email address and use it for this forum. It can be similar to your username if you are doing any sort of business here.

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

No. Slickage team can't access to passwords. So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

[kcud_dab]

So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Source?

[Muhammed Zakir]

So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Source?

Sorry! I will try to put source when posting something like this.

As a confirmation, we're working really hard to make sure as much of the data is carried over. The only thing we can't carry over is passwords, so when you first log on to the new forum, you'll need to set a new password.

This will probably be done over email so make sure the email you have registered with THIS forum is your email and not ... say a burner email account like mailinator or something like that.

[R2D221]

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

[theymos]

To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

[Bizmark13]

To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

Ah, OK thanks for that answer. I did change my email address to a valid one as a precautionary measure.

The secondary method would probably be quite useful for a lot of members here, I would think. Since the forums don't currently enforce the use of a valid email address, I suspect many people might no longer be able to access their old email address or they might have signed up using an invalid one.

Looking forward to seeing the new forum up and running soon.

[guitarplinker]

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

[Muhammed Zakir]

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

AFAIK they use same algorithm, SHA-256.

The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.

[GoodMerchant]

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

[R2D221]

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

[Muhammed Zakir]

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

Probably they will put a short message saying to change email and put a link to thread. Also, this might also be available. IMHO it is better not to give access to passwords.

=snip= A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

[Fiiasco]

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

You should definitely change your email address now, just in case that we move the forum anytime soon.