Page 3 of 16 FirstFirst 1234513 ... LastLast
Results 21 to 30 of 155

Thread: SSO login general chat thread

  1. #21
    Join Date
    Jan 2006
    Location
    Not heaven... Iowa
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Login now by means of Ubuntu One SSO only

    Although I hate to suggest flooding the Resolution Centre, a thread there will let us work on fixing your account(s). There is a procedure (I haven't tried yet) to disassociate your current account/OpenID, which should let you relink with your old one - which still exists.
    Linux User #415691 Ubuntu User #8629
    Iowa Team (LoCo): [Wiki] [Launchpad] [Sub-forum]
    IRC channel: #ubuntu-us-ia on irc.freenode.net

  2. #22
    Join Date
    Jun 2006
    Location
    UK
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Login now by means of Ubuntu One SSO only

    I won't answer people individually who have found themselves with new user accounts for whatever reason, in case I miss anyone. In any case, individual problems get lost in a long thread like this.

    If you need admin help rescuing your old account, please post (politely!) in the Resolution Centre, giving as much information as you can, including the name of your old forum account. An admin will help you in due course, but please be patient. There are only a handful of us and we are all part-time volunteers. Please do not post your email addresses - these can be harvested by spam bots and this will result in more spam to your email account. If we need to confirm email addresses we will find a confidential way of doing that.

    Please do not PM me about your forum account unless you have been asked to. The correct place to contact an admin about your account is here.

  3. #23
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    5,497
    Distro
    Ubuntu Development Release

    Re: Login now by means of Ubuntu One SSO only

    Quote Originally Posted by BLFLpb3 View Post
    Okay, I'm not trying to be too critical here, but this seems like a step in the wrong direction security wise. Your forum software got hacked. It happens, and as someone that runs a forum as well, I've had it happen to me before, though on a much smaller scale. The immediate reaction is to try to increase security through any means necessary, and that's the right step; however, tying together our forum logins with our Ubuntu One accounts seems like it has the potential to link together potentially insecure forum software with an account that for many people contains a lot more sensitive information than they would ever have with just a standard forums account.

    Ubuntu One, unless I'm mistaken, potentially has credit card info, private cloud storage files, and a record of purchases that people have made as well. I've personally not used it for any of these things, but I'm sure there are quite a few people who have. If I did have that kind of info stored in there, I'd be gravely concerned about it being linked with a forum that was just compromised, no matter what level of new security was just added to it. That's just me though...

    That's an excellent theory , especially if there is a man-in-the middle and, of course, presumming it was an inside job. There are things that IS knows, believes and does not know. Whether or not the hacker or hacker group is lying in wait remains to be seen. However, on a lighter note, the effort that went into vetting the database and subsequent copy was done by personel who were offsite from actual forum admins and moderators. Therefore we have to once again trust the meritocracy philology that current ubuntu forum council members are synchronized and on the same page. It was a wise move to incorporate a secondary tier of security which is SSO. So if there is a hand-off somewhere within the works it will be easily detected.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running Trusty /devel/@ 5.120GHz32bit/ Please put [ prefix] on New Threads!

  4. #24
    Join Date
    Apr 2008
    Beans
    10,639

    Re: Login now by means of Ubuntu One SSO only

    Thanks for all the hard work, I'm sure this had to be a nightmare.

    In case it's at all helpful, after updating my SSO profile which I use for the iso-tracker and Launchpad I had to wait a while before I could log into my existing forum acct. I had some other tasks to attend to away from the desk so I ended up waiting about two hours.

    I'm not sure what the appropriate time is for the SSO database to update???? But patience is truly a virtue

  5. #25
    Join Date
    Apr 2012
    Beans
    131
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Login now by means of Ubuntu One SSO only

    I realise that you guys have had a difficult time dealing with "the hack" but this process doesn't seem to work very well. (However I got there in the end.)

    Scenario: Existing Ubuntu Forums user without Ubuntu One account trying to create Ubuntu One account in such a way as not to lose access to existing forum profile etc.

    I tried to follow the instructions but when I tried to create a Ubuntu One account I just got an error message like "This email address cannot be used" with no further explanation. After some flailing around I think that what this is telling me is that I already had a Ubuntu One account even though I didn't know it. So I did a password reset on my Ubuntu One account and that got me over that hump.

    The next problem was with the login to the forum itself. It kept on saying that it didn't have my email address and so it prompted me for it, which is OK, but then when I entered the email address (with correct retyping of the email address for confirmation) it would reject the email address. (Sorry, don't remember error message.) After some more flailing around I think that the problem here is that in the interface between the "OpenID" and the Ubuntu Forums I didn't tick the checkbox to pass the email address - and then whatever Ubuntu Forums is doing to solicit the missing email address doesn't work ! (I think here that I misunderstood what those three checkboxes are asking me. If it won't work unless a checkbox is checked then best to grey it out or remove it altogther.)

    So to summarise some of the issues.

    * People who signed up some time ago to Ubuntu Forums may not remember what email address they used. (For example, I don't have email notification enabled so don't routinely get emails from the forum.)

    * People may be unsure of whether they do or don't have a Ubuntu One account already. (Where did the existing unknown account come from?)

    * Obscure error messages that don't give the user a hint about what to investigate.

    and of course the most fundamental issue, the chicken and egg,

    * Can't post for help until problems are resolved.

    But thanks for everything that is working.

  6. #26
    Join Date
    Apr 2012
    Beans
    131
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Login now by means of Ubuntu One SSO only

    Quote Originally Posted by BLFLpb3 View Post
    however, tying together our forum logins with our Ubuntu One accounts seems like it has the potential to link together potentially insecure forum software with an account that for many people contains a lot more sensitive information than they would ever have with just a standard forums account.
    Yes, that was my thought.

    "Single sign-on" is convenient for users but it violates the very solid security advice not to use security credentials in multiple contexts.

    (Yes, keeping track of literally hundreds of usernames and passwords is a hassle but it does act to limit the damage if one place is compromised. It is my choice to accept that hassle and get higher security.)

    The idea of removing all authentication responsibility from the server on which the forum is hosted is good. That in no way implies that you have to reuse security credentials from another context.

    Let's assume though that the new arrangements are permanent ... how would a user go about fixing this?

    I assume that they would need to create a second Ubuntu One account to replace their existing Ubuntu One account and then move everything over to the second account, keeping the first account only for Ubuntu Forums. Or alternatively, use the second account only for Ubuntu Forums i.e. ditch their Ubuntu Forums profile and become a newb again. LOL.

  7. #27
    Join Date
    Jun 2008
    Location
    Byron, CA, USA
    Beans
    364
    Distro
    Ubuntu 12.04 Precise Pangolin

    Red face Re: Login now by means of Ubuntu One SSO only

    I may have been a little slow to figure it out, but Ubuntu® One™ SSO supports my existing Launchpad™ account, so one Login should gain me access to both Launchpad™ and these Forums. This is a secure enough solution for my requirements - and adaptable enough to compensate, should I find need to close down my Yahoo!® account and go with another E-mail service.
    Gigabyte MA78GM-S2HP / AMD Athlon X2 5600+
    Audio: Creative Laboratoies SB0350 (PCI)
    Video: ATI Radeon HD 3200 (planar)

  8. #28
    8E7M67w is offline Ubuntu Green Coffee Beans
    Join Date
    Jul 2013
    Beans
    0

    Re: Login now by means of Ubuntu One SSO only

    OK wait, my emails were different on the U1 and forum. To log into the U1 I had to use the associated U1 email, so now I can't access my old forum account/profile and so of course I can't change that email to match the U1 account. WHAT? I hope that by logging in via U1 SSO I haven't lost EVERYTHING??????? What do I do now and why aren't there obvious instructions for us somewhere?????

  9. #29
    Join Date
    Apr 2012
    Beans
    131
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Login now by means of Ubuntu One SSO only

    Quote Originally Posted by bcschmerker View Post
    I may have been a little slow to figure it out, but Ubuntu One SSO supports my existing Launchpad account
    Ditto. With the benefit of hindsight this, I think, is what caused my first problem.

  10. #30
    Join Date
    Oct 2006
    Beans
    2

    Re: Login now by means of Ubuntu One SSO only

    Hmm. I find this conclusion to the wait for the forums to return to be a bit of a disappointment. I created my account here in 2006, probably to ask a question. Whatever the case, I haven't used it since. Then last week I get the e-mail advising of the hack. But here's the thing. I don't know what password I was using on here back then. There is some chance that it is the same as some of my current passwords for various online accounts and such. I had kind of naively hoped that when the forums came back I could try to log in using my e-mail address and most likely password (and failing that one of several other possible passwords), which would have told me whether I needed to go changing any of my passwords elsewhere. Now I have little option but to spend a lot of time going around the whole lot and changing all of them. That's not going to be fun. I wish there was an alternative.

Page 3 of 16 FirstFirst 1234513 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •