Too easy to sign up
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical SSO provider |
Fix Released
|
Low
|
Unassigned |
Bug Description
I now accidentally have 3, possibly 4 logins to Launchpad due to it's eagerness to sign up new users without telling them what's happening.
1) Select an email address not used for launchpad (we all have more than 1)
2) Enter the email on login and guess what you'd have set your password to
3) Screen will say passwords don't match
4) Click forgotten password
5) Launchpad now makes it sound like you have an account and sends you a confirmation code
6) Fill in the code from your email and you have a new account.
You now have two OpenID accounts. You now have your bug reports fragmented over two separate accounts. Come back in a years time with a new bug and you may end up with three accounts.
I think the site needs to make it clear that it is creating a new account to warn people that they have entered the wrong email address. If I'm saying I have forgotten my password then it is likely that I know I have an account but I don't know my exact username/password combination.
I know that you don't want to give away any information on whether an account exists to attackers, but I think that shouldn't overtake the user experience. I don't know any other website that operates like this.
Steve
EDIT: I have discovered if you add extra email addresses to one account that match a duplicate, then you can infact merge the accounts together, which is much appreciated. I think the original point still holds though.
description: | updated |
description: | updated |
Changed in canonical-identity-provider: | |
importance: | Undecided → Low |
status: | New → Fix Committed |
milestone: | none → 12.01.05 |
Changed in canonical-identity-provider: | |
status: | Fix Committed → Fix Released |
password management is done by a separate site - login.ubuntu.com.