A valid question to ask is "What if I don't want to disclose an email address to the ECF?".John Upham wrote: I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?
Online Membership
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
-
- Posts: 2193
- Joined: Sat Mar 10, 2012 8:18 pm
Re: Online Membership
I don't know how many people know the password to your email account, but I presume only a small subset would try to renew your ECF membership for youRoger de Coverly wrote:It also sends your password to anyone who knows the password to your email account.
-
- Posts: 4826
- Joined: Tue Apr 17, 2007 1:13 am
- Location: Bideford
Re: Online Membership
To which a valid answer is "have more than one email address"; it's easy enough to register something like [email protected] and use that for those purposes if you really want.Roger de Coverly wrote:A valid question to ask is "What if I don't want to disclose an email address to the ECF?".John Upham wrote: I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?
-
- Posts: 2193
- Joined: Sat Mar 10, 2012 8:18 pm
Re: Online Membership
Or renew by phone, or by post, or via your local MO.IM Jack Rudd wrote:To which a valid answer is "have more than one email address"; it's easy enough to register something like [email protected] and use that for those purposes if you really want.Roger de Coverly wrote:A valid question to ask is "What if I don't want to disclose an email address to the ECF?".John Upham wrote: I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?
Most people prefer ECF membership. GET OVER IT.
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
I'm not going to divulge how my broadband and email access works. But I know this much, I can access my email on a remote computer, so like phone hacking on answer phone messages, it means that anyone who by fair means or foul gets access to the code then has access to emails. Replies to Invites to play for Bourne End are not of themselves a security risk, but systems that reveal other passwords from the email address certainly are. Haven't you seen the press reports warning of this vulnerability?John Upham wrote: How many people (apart from yourself) know the correct password for your email account?
I tend not to divulge this information but possibly you are more generous?
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
You are rather missing the point.Sean Hewitt wrote: I don't know how many people know the password to your email account, but I presume only a small subset would try to renew your ECF membership for you
Many people are tempted to use a limited number of passwords to avoid writing them down. If you share an important password with an unimportant one like access to the ECF , then there's a security vulnerability.
-
- Posts: 7218
- Joined: Wed Apr 04, 2007 10:29 am
- Location: Cove, Hampshire, England.
Re: Online Membership
Does this imply that your account for this forum does not have a stored password?Roger de Coverly wrote: Many people are tempted to use a limited number of passwords to avoid writing them down. If you share an important password with an unimportant one like access to the ECF , then there's a security vulnerability.
I am sure Carl will be making a special effort to reverse engineer the crypt of your password so as he can renew your ECF membership
British Chess News : britishchessnews.com
Twitter: @BritishChess
Facebook: facebook.com/groups/britishchess
Twitter: @BritishChess
Facebook: facebook.com/groups/britishchess
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
The vulnerability is where you share a password from something important, like on-line banking with something less important, like this forum or the ECF.John Upham wrote: Does this imply that your account for this forum does not have a stored password?
I am sure Carl will be making a special effort to reverse engineer the crypt of your password so as he can renew your ECF membership
-
- Posts: 757
- Joined: Wed Jul 15, 2009 12:03 pm
- Location: Behind you
Re: Online Membership
You could always just have more than one password. It's really not that difficult to work around if you're really that worried about it.
True glory lies in doing what deserves to be written; in writing what deserves to be read.
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
It's becoming essential. The point is the ECF is giving out the password with no real check on who it's giving it too. Why have a password in the first place?Rob Thompson wrote:You could always just have more than one password. It's really not that difficult to work around if you're really that worried about it.
-
- Posts: 2193
- Joined: Sat Mar 10, 2012 8:18 pm
Re: Online Membership
Most forgotten password requests re-set your password and email you the new password rather than revealing the old one. I have no idea what the ECF system will do when you click 'forgot password', but suspect that you don't either.Roger de Coverly wrote:The point is the ECF is giving out the password with no real check on who it's giving it too. Why have a password in the first place?
Nervertheless, the over-riding fact is that if you don't want to renew online for any reason you do not have to do so. Equally, you don't have to use the same password for things like ECF membership as you do for things like online banking.
-
- Posts: 2151
- Joined: Thu May 15, 2008 1:37 am
Re: Online Membership
I think most systems will send a reminder of password. That's what the paysubsonline system does - I just tested it.Sean Hewitt wrote: Most forgotten password requests re-set your password and email you the new password rather than revealing the old one. I have no idea what the ECF system will do when you click 'forgot password'.
-
- Posts: 667
- Joined: Thu Apr 22, 2010 1:08 pm
Re: Online Membership
That's funny.... I wonder what else you could use...IM Jack Rudd wrote:
....it's easy enough to register something like [email protected] and use that for those purposes if you really want.
-
- Posts: 21315
- Joined: Tue Apr 15, 2008 2:51 pm
Re: Online Membership
Which is why I asked. If the CEO believes the system will send the quoted email address a brand new password, he should have said soSean Hewitt wrote: I have no idea what the ECF system will do when you click 'forgot password', but suspect that you don't either.
You don't have to enter Congresses on-line either, but it's convenient to do so. It probably saves the organiser some work as well. But you don't need a website specific password to pay a Congress entry fee, so why should you need one for the ECF, particularly where the payment amount involved is often smaller?Sean Hewitt wrote: Nervertheless, the over-riding fact is that if you don't want to renew online for any reason you do not have to do so. Equally, you don't have to use the same password for things like ECF membership as you do for things like online banking.
How much extra would it cost the ECF in Office expenses if everyone renewed directly with the ECF by post or phone?
-
- Posts: 2151
- Joined: Thu May 15, 2008 1:37 am
Re: Online Membership
A few comments on the newly-announced membership system:
- I was able to use the ‘Forgot password’ function to retrieve my system-generated password. I was then able to login and see that my details had been correctly migrated.
- I wasn’t able to renew in advance (my current membership expires at the end of April 2013). This functionality doesn’t seem to be available (I tried to use the ‘Payment’ option but this took me to a near-blank page).
- The three-year membership rates appear to be incorrect, with a £3 discount rather than a £1 discount for on-line applications.
- There doesn’t seem to be any validation of an input ‘Grading reference’ value. It would be useful, for example, to ensure that the format is six digits followed by a letter. It would also be useful to check for multiple uses of the same Grading reference to help prevent input of incorrect values.
- It appears to be possible to make multiple applications for membership and then to make a single payment to cover all applications. I think this is useful.
- A minor point: there’s reference on the registration and ‘My Details’ pages to the ‘Club name’ field but the field is labelled ‘Club’.
- Another minor point: there’s reference to http://ecfgrading.org.uk/ on the registration and ‘My Details’ pages. It would be useful if this was hyperlinked.
- A further minor point: on the registration page, I would position the ‘Submit and Finish’ button below (rather than above) the ‘Submit and add additional members’ button.
- I wonder: Has the system gone through a formal user acceptance test? Appearances would suggest not and this makes me uncomfortable.
- I was able to use the ‘Forgot password’ function to retrieve my system-generated password. I was then able to login and see that my details had been correctly migrated.
- I wasn’t able to renew in advance (my current membership expires at the end of April 2013). This functionality doesn’t seem to be available (I tried to use the ‘Payment’ option but this took me to a near-blank page).
- The three-year membership rates appear to be incorrect, with a £3 discount rather than a £1 discount for on-line applications.
- There doesn’t seem to be any validation of an input ‘Grading reference’ value. It would be useful, for example, to ensure that the format is six digits followed by a letter. It would also be useful to check for multiple uses of the same Grading reference to help prevent input of incorrect values.
- It appears to be possible to make multiple applications for membership and then to make a single payment to cover all applications. I think this is useful.
- A minor point: there’s reference on the registration and ‘My Details’ pages to the ‘Club name’ field but the field is labelled ‘Club’.
- Another minor point: there’s reference to http://ecfgrading.org.uk/ on the registration and ‘My Details’ pages. It would be useful if this was hyperlinked.
- A further minor point: on the registration page, I would position the ‘Submit and Finish’ button below (rather than above) the ‘Submit and add additional members’ button.
- I wonder: Has the system gone through a formal user acceptance test? Appearances would suggest not and this makes me uncomfortable.