password change issue...

user · July 25, 2013, 5:48am

Thanks to that ubuntu hack attack, the password that I used generically for
forums with HTTP: secure login screens was compromised…

Yes I confess I used the same password here as there.

Feel free to tell me I’m an idiot.

But mostly tell me how to re-secure my web forum access…

I saw in some thread that opensuse’s forum is more secure than since the forum itself doesn’t
this needed to be done via the login assistance link
on the secure login screen. But when I go there I get redirected:


https://www.suse.com/company/novell_redirect.html?url=https://secure-www.novell.com/selfreg/jsp/forgotAll.jsp

Which ONLY offers me a means to enter my email to get an reminder email
with the security question data needed to reset the password…
**
There isn’t any place to enter the security question data if you have it…
**
The reminder email instructs:

But I can’t find an actual forgot password link on the login page. Just that
login assistance link that doesn’t lead to anyplace to actually enter the
security data to activate the reset function…

It feels like an infinite loop…

I did try the contact us link and explained the problem to somebody there.
He had me walk him through the process one url at a time so that he could see
what I saw… He seemed to understand.He needed to check with somebody and
promised to get back to me… That was nearly 12 hrs ago, neither did my phone
ring, nor did my inbox get an email (yet)

I just checked and the “Login Assistance” link still gets redirected to:


https://secure-www.novell.com/selfreg/jsp/forgotAll.jsp

Which still doesn’t offer anyplace to put the security question data that it
is still willing to email to me.

Could be he is working on the problem and will yet get back to me. IF so I’ll
post what he says here. In the mean time I thought I’d let you know that
there may be a new wrinkle to the password change thing.

Am I the only one seeing this???

–
| ^^^ ^^^
|
| ^ JtWdyP | ___ | '

hendersj · July 25, 2013, 6:16am

On Thu, 25 Jul 2013 03:48:31 +0000, Joe Philbrook wrote:

> Thanks to that ubuntu hack attack, the password that I used generically
> for forums with HTTP: secure login screens was compromised…
>
> Yes I confess I used the same password here as there.
>
> Feel free to tell me I’m an idiot.
>
> But mostly tell me how to re-secure my web forum access…
>
> I saw in some thread that opensuse’s forum is more secure than since the
> forum itself doesn’t this needed to be done via the login assistance
> link on the secure login screen. But when I go there I get redirected:

We’ll have to update the FAQ, looks like it’s out of date since we
changed the login page.

To change your password:

Click he “login” link when not logged in.
Click “Account Assistance”
Click “Edit Account” (left-hand side of the window)
Login with your username and password.
Scroll down to the password boxes and enter your new password.
Click “Save”.

I’ll talk to our technical admin and get the FAQ updated with the proper
procedure.

Thanks!

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

jtwdyp · July 25, 2013, 5:41pm

It would appear that on Jul 25, Jim Henderson did say:

> We’ll have to update the FAQ, looks like it’s out of date since we
> changed the login page.
>
> To change your password:
>
> 1. Click he “login” link when not logged in.
>
> 2. Click “Account Assistance”

So far so good:

> 3. Click “Edit Account” (left-hand side of the window)

This is where the problem is…

I’m getting a multiple redirect to a page that has no left hand side…

First a tab opens with:

http://i39.tinypic.com/2gtautl.png

Which quickly changes to:

http://i39.tinypic.com/202sgi.png

Which almost instantly opens another tab with:

http://i40.tinypic.com/w12w3n.png

None of the above have an “edit” button. And when I <alt>+<left> my way back to
the suse logo-ed page, {the only one of the three with a login link} Clicking
on that login link only opens yet another tab with the same suse login screen
from which this login assistance loop started…

–
| ^^^ ^^^
| <o> <o>
| ^ JtWdyP
| ___

<sigh>

<< there’s nothing like an idiot who thinks he knows everything, of >>
<< course, if I actually knew everything, I’d know I was an idiot. >>

hendersj · July 25, 2013, 5:45pm

On Thu, 25 Jul 2013 15:41:10 +0000, JtWdyP wrote:

> I’m getting a multiple redirect to a page that has no left hand side…

Clear cache and cookies and retry. That’s usually the way to work around
weird multiple redirects.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

jtwdyp · July 25, 2013, 6:54pm

It would appear that on Jul 25, Jim Henderson did say:

> Clear cache and cookies and retry. That’s usually the way to work around
> weird multiple redirects.

OK that worked. Though might I suggest that when the tech admin updates
that FAQ, it might be good to add a footnote to your step 3:

>> > 3. Click “Edit Account” (left-hand side of the window)

Which mentions what to do if you don’t get the edit link…

Would it be a good idea to include the direct url to the login page so
that if the user’s browser closes tabs when it clears the cache, the user
might be able to get back there without picking up new cookies???

https://login.attachmategroup.com/nidp/idff/sso?id=6&sid=0&option=credential&sid=0

I mean after you cleared the forums.opensuse.org cookies and what not, the
browser isn’t going to automatically return to the forum anyway…

Just a thought:
Thanks!

–
| — ___
| <0> <->
| ^ JtWdyP
| ~___/~

hendersj · July 25, 2013, 11:10pm

On Thu, 25 Jul 2013 16:54:16 +0000, JtWdyP wrote:

> It would appear that on Jul 25, Jim Henderson did say:
>
>> Clear cache and cookies and retry. That’s usually the way to work
>> around weird multiple redirects.
>
> OK that worked. Though might I suggest that when the tech admin updates
> that FAQ, it might be good to add a footnote to your step 3:
>
>>> > 3. Click “Edit Account” (left-hand side of the window)
>
> Which mentions what to do if you don’t get the edit link…
>
> Would it be a good idea to include the direct url to the login page so
> that if the user’s browser closes tabs when it clears the cache, the
> user might be able to get back there without picking up new cookies???
>
> https://login.attachmategroup.com/nidp/idff/sso?
id=6&sid=0&option=credential&sid=0
>
> I mean after you cleared the forums.opensuse.org cookies and what not,
> the browser isn’t going to automatically return to the forum anyway…
>
> Just a thought:
> Thanks!

Good thoughts, thanks - I’ll give them some consideration and see if we
can’t enhance it further (I just got word that it has been updated
already).

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C