Dear MSDN Forums, Administrators, Moderators and MVP’s and everybody else.
A short story
“Today, I’ve created an account at Microsoft Development Network (MSDN) Forums. I love to help people, it is very fun. Four years later, someone stole my hotmail account and I am not able to get it back. I am now not able to logon to MSDN Forums, since I cannot the new password. Microsoft will not help me by changing my e-mail to my new one so I can use the same account, instead I restarted as a beginner and I made a new account at MSDN Forums once again with 0 zero recognition points and 0/5 medals. Compare that with my four year account where I had 4/5 medals and 7200 points. Now I am sad and I’ve lost my potential.” – Any new member that connects to the MSDN Forums Network.
A (security) accident
A small security accident can block the opportunity to sign-in to MSDN Forums. Who is affected? Well, not windows live accounts, but account like @microsoft.com, @gmail.com etc. The following thing occurred to my friend (Here are his words in quotes):
“Hi Coder24,
Glad to see you again.
I'm the Martin Xie. This is my new ID.
My original ID cannot be logined into MSDN forums for security reason.” – Martin Xie – MSFT, Moderator
There were not enough of alternatives for Martin to use so he recreated a new account. [To proof this: His original account and the new account he made].
[Here’s the discussion: http://social.msdn.microsoft.com/Forums/en-US/vbinterop/thread/c7fa99e7-11b8-4f83-a1c6-cca326176b5f/?prof=required]
I’ve been speaking about this suggestion before
“Hi Don Tan:
What if the user doen't want to create a new, he/she wants instead to change the account login
(but still keep the recognition points)?
Have a nice day...
Best regards,
Fisnik” – Me (Fisnik).
The answer I got in this discussion:
“I'll bring this up to the team. We've had the same question from other Forums Users. Valid question and scenario. Currently there's no option in the edit profile to dissociate and re-associate with a different Passport Account.
Thanks for the feedback.” – Don Tan MSFT, Administrator
[To check out that discussion click here]
There Appears Only One Solution
For this to work, Microsoft needs to make a new e-mail address, and allow users who want to change their e-mail address to another. If a member at MSDN used his email address (e.g. peter@hotmail.com) for a while, and then one day, something happened with his account now his not able to use that address any more. So we must be able to contact Microsoft with another e-mail account AND tell them what has happened and ask them if they can change his old login e-mail address to his new one. By implementing this solution, users would be able to continue with their old account (they will still have their recognition points, medals, threads etc), only one thing will change their login email. This is a thing that Microsoft in U.S. can do, by modifying the database manually or setting up a system which automatically re-changes the e-mail login for that specific member.
One important security note:
There appears a small security problem here, when making the mechanism (the engine which will change the account e-mail login to a new one), make a verify system, which sends SHA-256 hash keys, that need to be pasted into a specific textbox and that key will of course be verified with another one on the DATABASE. Why this security problem might appear? Think if I am your friend and I know your email address, I will only be able to email Microsoft and tell them that my old email (which is yours) is this one and I want to user (my new one) so I can sign in to MSDN Forums. – Think of the impact, I will easily be able to use your account with one of mine e-mail addresses. It’s why important for Microsoft to build a security system.
This [is] very important.
Thanks!
Have a nice day…
Best regards,
Fisnik
Coder24.com
