SSO login general chat thread

[cariboo]

OK wait, my emails were different on the U1 and forum. To log into the U1 I had to use the associated U1 email, so now I can't access my old forum account/profile and so of course I can't change that email to match the U1 account. WHAT? I hope that by logging in via U1 SSO I haven't lost EVERYTHING??????? What do I do now and why aren't there obvious instructions for us somewhere?????

Change your Ubuntu One email address to the same as the one you used for your forum account, then once you've logged into the forum, you can change your Ubuntu One email address to whatever you want, as SSO login doesn't depend on email addresses, after the first login.

[Aide9aic]

Your forum software got hacked... tying together our forum logins with our Ubuntu One accounts seems like it has the potential to link together potentially insecure forum software with an account that for many people contains a lot more sensitive information than they would ever have with just a standard forums account.

unlike vbullitin the culprit of the issues that made the foums go down

This report, from a Ubuntu forum admin, would disagree with assertions that the forum software was "hacked" or that vBulletin was somehow to blame.

http://ubuntu-discourse.org/t/looks-...defaced/603/65

We now know what happened, it wasn't anything to do with a security hole in VB, all this came about via social engineering and legacy problems left over from when the previous owner was still running the forum. For some reason, some of the loco mods had admin privileges, and it was one of those accounts that was compromised, along with quite a few hooks in pnp that allowed the attacker tp deface the site. Canonical IS is in the process of rectifying the problems.

[Fh7p6mG]

I'm pretty sure that "Fh7p6mG" is neither my previous forum username, nor is my login.ubuntu.com username. I have no idea where this was picked up from. Suffice to say I've now lost all my subscriptions and post counts. Whilst I fully understand the reasons behind this, it doesn't appear to be working for a significant portion of the users.And yes, I did make sure my main email account in login.ubuntu.com is the same as my old ubuntuforums.org email address.

[blenderfox]

Okay, I managed to fix it. I had to create a NEW login.ubuntu.account (even though I have one already), with the same email address as my ubuntuforums one, even though I had set my previous ubuntu.com account to have the same preferred email as my forums account. So now I'm using two SSO accounts. Not ideal, but I guess I'll have to live with that.

[loukingjr]

Trying to create an SSO account was extremely unintuitive to say the least. But there is an issue I find much more annoying. When I receive an email notification of a thread I'm following and I click on the link, it does take me to the page. However, if I don't log in I will not receive further notifications. If I do log in, instead of taking me back to the page I was on, it takes me to the home page of the forums. The other problem is, apparently you can't stay logged in as you could before. So every time I get a new email notification I have to relog in. This all seems more trouble than it's worth.

[Newbunto]

I don't know what password I was using on here back then.

If you ask nicely perhaps someone will make the salt and the hash of your old password available to you. Then you can test the various passwords that you think it might be.

There is some chance that it is the same as some of my current passwords for various online accounts and such.

It goes without saying that you should just never ever do this.

Now I have little option but to ...

If you think that any of your passwords is strong enough to survive MD5 brute forcing then you can take a punt and not change that password.

[deadflowr]

If you ask nicely perhaps someone will make the salt and the hash of your old password available to you. Then you can test the various passwords that you think it might be.

The only person who can get you your old password is the hacker, as Canonical IS overwrote all passwords and randomised them.


If you feel that you might have used the same password on any other site, or system, then change them.
In fact, for good measure, change all your passwords.

[TLD98541]

I tried to follow the instructions but when I tried to create a Ubuntu One account I just got an error message like "This email address cannot be used" with no further explanation. After some flailing around I think that what this is telling me is that I already had a Ubuntu One account even though I didn't know it. So I did a password reset on my Ubuntu One account and that got me over that hump.

I had this exact same problem, happily i read this post before i screwed up my account here.

[von Stalhein]

Just happy it's back. Very happy.

Severe withdrawal symptoms exacerbated by a broken machine and only being able to operate in Windows until I build another one were made even worse by not being able to experience Ubuntu vicariously.

First world problems eh?

[ofnuts]

OK, so I was on of the lucky ones who got the same account after registering on SSO

IMHO the whole thing is a bit overboard. As long as I am not moderator or admin, there is no need for a really secure forum access. Using a trivial password exposes yourself to what? Someone who masquerades as you to troll people? Big deal... When I received the mail from UF about hacked accounts, I didn't raise an eyebrow... even the mail userid isn't the main one so it cannot be used to log in on my mail box.

Now the very down-to-earth and practical question: in the former life of Ubuntu forum, I could have a bookmark on http://ubuntuforums.org/usercp.php and the userid and password kept by Firefox so checking out new stuff on UF was a one click operation. Now it takes me through several pages and leaves me in UF home. So what can I do to get back to the original? What id should I use to login? the UF one? My name on U1? My mail for U1?