Closed
Bug 638181
Opened 13 years ago
Closed 13 years ago
Purge user password hashes if an account has not been used in over an year
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P3)
addons.mozilla.org Graveyard
Public Pages
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: clyon, Assigned: fligtar)
References
(Blocks 1 open bug)
Details
Purge user password hashes if an account has not been used in over an year.
Comment 1•13 years ago
|
||
Is this only for users who have never done anything on the site, or everyone including add-on authors? If we're going to start doing stuff like this, we should have clear messaging. In the past it has been more of an emergency and we just let people figure out how to reset on their own.
Reporter | ||
Comment 2•13 years ago
|
||
(In reply to comment #1) > Is this only for users who have never done anything on the site, or everyone > including add-on authors? I would say for everybody. If somebody hasn't used addons.mozilla.org for a year, we should expire their hash. > If we're going to start doing stuff like this, we should have clear messaging. > In the past it has been more of an emergency and we just let people figure out > how to reset on their own. The workflow for doing a password reset because the users hash was deleted should be refined. (I think this is your point) So some message saying your password has expired and that they will need to do an email reset.
Reporter | ||
Comment 3•13 years ago
|
||
what is the eta for this?
Comment 4•13 years ago
|
||
(In reply to comment #3) > what is the eta for this? Q3/4; Same as all the other new bugs.
Assignee | ||
Comment 5•13 years ago
|
||
I think we should discuss user-facing portions of these security enhancements. I'm fine with things like this for add-on developers, but AMO is a consumer site and this is a really crappy experience that seems unnecessary for the majority of users.
Reporter | ||
Comment 6•13 years ago
|
||
(In reply to comment #5) > I think we should discuss user-facing portions of these security > enhancements. I'm fine with things like this for add-on developers, but AMO > is a consumer site and this is a really crappy experience that seems > unnecessary for the majority of users. If there are concerns, we are more than happy to meet with you to address.
Updated•13 years ago
|
Assignee: nobody → amckay
Updated•13 years ago
|
Assignee: amckay → fligtar
Whiteboard: [ddn]
Assignee | ||
Comment 7•13 years ago
|
||
I don't see why we need to do this and don't know of any other reputable websites that have a policy like this. The only types of users I think this would be useful for are admins and editors, but we audit those users for inactivity more frequently than once a year already. If there are strong reasons the millions of normal users who just create collections and write reviews should have this level of security, we should discuss it.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Whiteboard: [ddn]
Comment 8•13 years ago
|
||
(In reply to comment #7) > I don't see why we need to do this and don't know of any other reputable > websites that have a policy like this. The only types of users I think this > would be useful for are admins and editors, but we audit those users for > inactivity more frequently than once a year already. > > If there are strong reasons the millions of normal users who just create > collections and write reviews should have this level of security, we should > discuss it. The motivation for this request is for the following reasons: 1. Accounts that have not been used in >12 months are most likely abandoned or no longer used. 2. Most users reuse passwords across many sites. The AMO password could very well be the single password they use everywhere with the associated email address. By deleting the hash we are minimizing the impact in the event there is a security incident involving the AMO database. In the event of a future database incident/compromise we are then able to say that the thousands* of accounts that are no longer in use were not disclosed. (*Can we quantify this number e.g. the number of accounts that haven't been used in the past 12 months vs the total number of accounts?) Overall this change is another level of protection for our users. Since we've established we don't need their password hash, we can delete it and minimize the possibility that it could ever be exposed. Thoughts?
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•