Online Membership

[Roger de Coverly]

I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?

A valid question to ask is "What if I don't want to disclose an email address to the ECF?".

[Sean Hewitt]

It also sends your password to anyone who knows the password to your email account.

I don't know how many people know the password to your email account, but I presume only a small subset would try to renew your ECF membership for you

[IM Jack Rudd]

I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?

A valid question to ask is "What if I don't want to disclose an email address to the ECF?".

To which a valid answer is "have more than one email address"; it's easy enough to register something like [email protected] and use that for those purposes if you really want.

[Sean Hewitt]

I'm anticipating follow-up questions to potentially to be "What happens if you do not have an email address?

A valid question to ask is "What if I don't want to disclose an email address to the ECF?".

To which a valid answer is "have more than one email address"; it's easy enough to register something like [email protected] and use that for those purposes if you really want.

Or renew by phone, or by post, or via your local MO.

Most people prefer ECF membership. GET OVER IT.

[Roger de Coverly]

How many people (apart from yourself) know the correct password for your email account?

I tend not to divulge this information but possibly you are more generous?

I'm not going to divulge how my broadband and email access works. But I know this much, I can access my email on a remote computer, so like phone hacking on answer phone messages, it means that anyone who by fair means or foul gets access to the code then has access to emails. Replies to Invites to play for Bourne End are not of themselves a security risk, but systems that reveal other passwords from the email address certainly are. Haven't you seen the press reports warning of this vulnerability?

[Roger de Coverly]

I don't know how many people know the password to your email account, but I presume only a small subset would try to renew your ECF membership for you

You are rather missing the point.

Many people are tempted to use a limited number of passwords to avoid writing them down. If you share an important password with an unimportant one like access to the ECF , then there's a security vulnerability.

[John Upham]

Many people are tempted to use a limited number of passwords to avoid writing them down. If you share an important password with an unimportant one like access to the ECF , then there's a security vulnerability.

Does this imply that your account for this forum does not have a stored password?

I am sure Carl will be making a special effort to reverse engineer the crypt of your password so as he can renew your ECF membership

[Roger de Coverly]

Does this imply that your account for this forum does not have a stored password?

I am sure Carl will be making a special effort to reverse engineer the crypt of your password so as he can renew your ECF membership

The vulnerability is where you share a password from something important, like on-line banking with something less important, like this forum or the ECF.

[Rob Thompson]

You could always just have more than one password. It's really not that difficult to work around if you're really that worried about it.

[Roger de Coverly]

You could always just have more than one password. It's really not that difficult to work around if you're really that worried about it.

It's becoming essential. The point is the ECF is giving out the password with no real check on who it's giving it too. Why have a password in the first place?

[Sean Hewitt]

The point is the ECF is giving out the password with no real check on who it's giving it too. Why have a password in the first place?

Most forgotten password requests re-set your password and email you the new password rather than revealing the old one. I have no idea what the ECF system will do when you click 'forgot password', but suspect that you don't either.

Nervertheless, the over-riding fact is that if you don't want to renew online for any reason you do not have to do so. Equally, you don't have to use the same password for things like ECF membership as you do for things like online banking.

[Angus French]

Most forgotten password requests re-set your password and email you the new password rather than revealing the old one. I have no idea what the ECF system will do when you click 'forgot password'.

I think most systems will send a reminder of password. That's what the paysubsonline system does - I just tested it.

[Krishna Shiatis]

....it's easy enough to register something like [email protected] and use that for those purposes if you really want.

That's funny.... I wonder what else you could use...

[Roger de Coverly]

I have no idea what the ECF system will do when you click 'forgot password', but suspect that you don't either.

Which is why I asked. If the CEO believes the system will send the quoted email address a brand new password, he should have said so

Nervertheless, the over-riding fact is that if you don't want to renew online for any reason you do not have to do so. Equally, you don't have to use the same password for things like ECF membership as you do for things like online banking.

You don't have to enter Congresses on-line either, but it's convenient to do so. It probably saves the organiser some work as well. But you don't need a website specific password to pay a Congress entry fee, so why should you need one for the ECF, particularly where the payment amount involved is often smaller?

How much extra would it cost the ECF in Office expenses if everyone renewed directly with the ECF by post or phone?

[Angus French]

A few comments on the newly-announced membership system:
- I was able to use the ‘Forgot password’ function to retrieve my system-generated password. I was then able to login and see that my details had been correctly migrated.
- I wasn’t able to renew in advance (my current membership expires at the end of April 2013). This functionality doesn’t seem to be available (I tried to use the ‘Payment’ option but this took me to a near-blank page).
- The three-year membership rates appear to be incorrect, with a £3 discount rather than a £1 discount for on-line applications.
- There doesn’t seem to be any validation of an input ‘Grading reference’ value. It would be useful, for example, to ensure that the format is six digits followed by a letter. It would also be useful to check for multiple uses of the same Grading reference to help prevent input of incorrect values.
- It appears to be possible to make multiple applications for membership and then to make a single payment to cover all applications. I think this is useful.
- A minor point: there’s reference on the registration and ‘My Details’ pages to the ‘Club name’ field but the field is labelled ‘Club’.
- Another minor point: there’s reference to http://ecfgrading.org.uk/ on the registration and ‘My Details’ pages. It would be useful if this was hyperlinked.
- A further minor point: on the registration page, I would position the ‘Submit and Finish’ button below (rather than above) the ‘Submit and add additional members’ button.
- I wonder: Has the system gone through a formal user acceptance test? Appearances would suggest not and this makes me uncomfortable.