Closed
Bug 756056
Opened 13 years ago
Closed 13 years ago
Email addresses are rejected as already existing
Categories
(Firefox :: Sync, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: gcp, Unassigned)
Details
The Sync setup screen asks the user to give his email address. However, as far as I can tell, we don't really use the actual email in any way, we just want a unique user identifier. This can cause problems if the email gets recycled or if someone else "stole" the email address.
I know hotmail.com recycles email addresses and I suspect gmail also does.
The user will get a notification that his email address is already in use, with no obvious way to proceed (except trying an alternate email, if he or she has one!).
https://bugzilla.mozilla.org/show_bug.cgi?id=442995#c1 <- this appears to be no longer true.
|
||
Comment 1•13 years ago
|
||
What's the bug here, gcp?
If you enter an identical email address string, and it was already used to register for a Sync account, then it'll collide, yes.
(We do still accept "bar+foo@..." syntax; I use it all the time.)
|
Reporter | |
Comment 2•13 years ago
|
||
>What's the bug here, gcp?
Users are asked to enter their email address and we can refuse to proceed if they do. (Through no fault of their own)
>(We do still accept "bar+foo@..." syntax; I use it all the time.)
I figured that out too, but it's not something you can expect regular users to know.
|
|
||
Comment 3•13 years ago
|
||
(In reply to Gian-Carlo Pascutto (:gcp) from comment #2)
> >What's the bug here, gcp?
>
> Users are asked to enter their email address and we can refuse to proceed if
> they do. (Through no fault of their own)
I don't see anything different here from *any* site or service that uses email addresses as user identifiers. Yes, if you have a recycled email address, there's a chance that someone will have used it to sign up for services. We have no way of distinguishing that versus someone who's had an account for a long time and forgotten about it.
|
|
Reporter | |
Comment 4•13 years ago
|
||
>I don't see anything different here from *any* site or service that uses email
>addresses as user identifiers.
All those sites *verify* the email address, so aside from preventing "stealing" of an address, they will also have an "I forgot my password" that resets the account and emails to the email address, allow a successful recovery. We do not have either.
How about giving a message "the email you are trying to use already has an associated sync account", together with a clickable link to a page explaining users what to do (why they shouldn't worry, and how they can recover by adding a +)?
|
|
||
Comment 5•13 years ago
|
||
(In reply to Gian-Carlo Pascutto (:gcp) from comment #4)
> All those sites *verify* the email address, so aside from preventing
> "stealing" of an address, they will also have an "I forgot my password" that
> resets the account and emails to the email address, allow a successful
> recovery. We do not have either.
Yeah we do. :D
https://account.services.mozilla.com/
|
|
Reporter | |
Comment 6•13 years ago
|
||
Alright, then what do you think about simply adding that link to the "email address is already in use" message? ("To recover your account...")
|
|
||
Comment 7•13 years ago
|
||
(In reply to Gian-Carlo Pascutto (:gcp) from comment #6)
> Alright, then what do you think about simply adding that link to the "email
> address is already in use" message? ("To recover your account...")
Probably no harm in doing so, but whether it's worth doing depends on the schedule for Persona-based Sync login…
|
||
Comment 8•13 years ago
|
||
sync triage: considering the timelines for persona-based auth, this is not worth developer time to do now.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Updated•7 years ago
|
Component: Firefox Sync: UI → Sync
Product: Cloud Services → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•