[jitsi-users] Lost password, lost password, lost password


#1

Hello developers,

I really like Jitsi and promote it among the (relatively wide) network
of people I work with, help them to troubleshoot, respond to their
complains when this and that doesn't work, etc. I encouraged them to set
up an account on jit.si, to make sure we are all on the same network and
"everything works as smooth as possible".

Some of them have lost their passwords and they are asking me how they
can recover it. Most online services usually provide some psswd recovery
procedure, and the last sentence on registration page indicates that
there should be one for Jit.si too, if you registered with email:
https://jitsi.org/index.php/Register/Register

I've asked on this list for recovery instructions several times, which
was met only with deep silence from jit.si. Search the list archive for
password recovery and you will see that there have been quite a few
other queries on the same, with the same silent result.

Can people from Jit.si let me know how to recover a password, or whom to
talk to, please?

The dev team is usually very responsive which is great and makes the
project double attractive for us. So why this silence around Jit.si account?

thanks

karel


#2

Hi Karel,

As you know, most online services are *free* to use and this means they
come without any type of warranty to work. If you go to
https://jitsi.org/index.php/Register/Register you will notice that at the
bottom of the page it states:

Entering an e-mail address is not mandatory however you will have NO WAY OF
CHANGING YOUR PASSWORD if you ever forget it.

This clearly tells me that if you forget the password, you cannot gain
access to the account again; however, if you DO know your password, you may
login to Jitisi and use the password reset functionality available there.
The kind Jitsi folks even provide this for you to use:
https://jitsi.org/Register/ResetPassword As you can see, you will
*still*need to know the existing password.

If you are hoping for a developer of Jitsi to login to openfire (the xmpp
server) and reset the password on a special case, I think you may consider
ending your hope.

The solution I provided the other day for you to setup a new account. Why
are you resistant to move forward and do that?

Good luck,
Jungle

···

On 13 March 2014 01:55, Karel Novotny <novotny.karel@gmail.com> wrote:

Hello developers,

I really like Jitsi and promote it among the (relatively wide) network
of people I work with, help them to troubleshoot, respond to their
complains when this and that doesn't work, etc. I encouraged them to set
up an account on jit.si, to make sure we are all on the same network and
"everything works as smooth as possible".

Some of them have lost their passwords and they are asking me how they
can recover it. Most online services usually provide some psswd recovery
procedure, and the last sentence on registration page indicates that
there should be one for Jit.si too, if you registered with email:
https://jitsi.org/index.php/Register/Register

I've asked on this list for recovery instructions several times, which
was met only with deep silence from jit.si. Search the list archive for
password recovery and you will see that there have been quite a few
other queries on the same, with the same silent result.

Can people from Jit.si let me know how to recover a password, or whom to
talk to, please?

The dev team is usually very responsive which is great and makes the
project double attractive for us. So why this silence around Jit.si
account?

thanks

karel

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si


#3

Hi Jungle,

I wrote upfront that I appreciate Jitsi, its dev team, I like it and
promote it. I did so in hope that noone would get offended with second
part of my message. I didn't complain about Jitsi, nor jit.si, but about
not getting answer to a straightforward question (or so I think, at
least). More response below...

Hi Karel,

As you know, most online services are *free* to use and this means
they come without any type of warranty to work. If you go
to https://jitsi.org/index.php/Register/Register you will notice that
at the bottom of the page it states:

Entering an e-mail address is not mandatory however you will have NO
WAY OF CHANGING YOUR PASSWORD if you ever forget it.

Thanks but i noticed that too. I was not asking what to do when you just
forget your password. My question was about "is there a password
recovery mechanism, if you provided your email upon registration"?

This clearly tells me that if you forget the password, you cannot gain
access to the account again; however, if you DO know your password,
you may login to Jitisi and use the password reset functionality
available there. The kind Jitsi folks even provide this for you to
use: https://jitsi.org/Register/ResetPassword As you can see, you will
*still* need to know the existing password.

Thanks for explanation. I don't need to change password though.

If you are hoping for a developer of Jitsi to login to openfire (the
xmpp server) and reset the password on a special case, I think you may
consider ending your hope.

I didn't expect that, and I am not hoping for any special treatment. So
not really sure why is your irony needed.

The solution I provided the other day for you to setup a new account.
Why are you resistant to move forward and do that?

Nobody wants to change account unless it is necessary, particularly not
people you've convinced to migrate to a new service, as I did with a
large team. So I don't find your advice terribly useful. What would be
more useful instead would be a clear information on
https://jitsi.org/index.php/Register/Register and in this list that says:

"Beware, there is no way you can recover your lost password on Jit.si,
whether you registered your email or not". fair enough.

I wasn't getting that info so I was hesitant to make people change
accounts, which is generally quite unpopular measure. Now I know.

karel

···

On 13.3.2014 17:51, jungleboogie0 wrote:

Good luck,
Jungle

On 13 March 2014 01:55, Karel Novotny <novotny.karel@gmail.com > <mailto:novotny.karel@gmail.com>> wrote:

    Hello developers,

    I really like Jitsi and promote it among the (relatively wide) network
    of people I work with, help them to troubleshoot, respond to their
    complains when this and that doesn't work, etc. I encouraged them
    to set
    up an account on jit.si <http://jit.si>, to make sure we are all
    on the same network and
    "everything works as smooth as possible".

    Some of them have lost their passwords and they are asking me how they
    can recover it. Most online services usually provide some psswd
    recovery
    procedure, and the last sentence on registration page indicates that
    there should be one for Jit.si too, if you registered with email:
    https://jitsi.org/index.php/Register/Register

    I've asked on this list for recovery instructions several times, which
    was met only with deep silence from jit.si <http://jit.si>. Search
    the list archive for
    password recovery and you will see that there have been quite a few
    other queries on the same, with the same silent result.

    Can people from Jit.si let me know how to recover a password, or
    whom to
    talk to, please?

    The dev team is usually very responsive which is great and makes the
    project double attractive for us. So why this silence around
    Jit.si account?

    thanks

    karel

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info <mailto:jungleboogie@sip2sip.info>
xmpp: jungle-boogie@jit.si <mailto:jungle-boogie@jit.si>

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

This clearly tells me that if you forget the password, you cannot gain
access to the account again; however, if you DO know your password,
you may login to Jitisi and use the password reset functionality
available there. The kind Jitsi folks even provide this for you to
use: https://jitsi.org/Register/ResetPassword As you can see, you will
*still* need to know the existing password.

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

As for ResetPassword, I would expect just a field where I have to enter
my account name (or the email-address I've given when creating the
jit.si account) and have a link sent to me that allows me to enter a new
password.

Sure, there can be people who intercept such a password-reset-mail, but
that's still better than not being able to re-gain a access to the account.

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords? Advertisements?

Just my 2 cents.

Ralf

PS: Karel, maybe this helps:

http://permalink.gmane.org/gmane.comp.voip.jitsi.user/5752


#5

Hey there,

This clearly tells me that if you forget the password, you cannot gain
access to the account again; however, if you DO know your password,
you may login to Jitisi and use the password reset functionality
available there. The kind Jitsi folks even provide this for you to
use: https://jitsi.org/Register/ResetPassword As you can see, you will
*still* need to know the existing password.

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

As for ResetPassword, I would expect just a field where I have to enter
my account name (or the email-address I've given when creating the
jit.si account) and have a link sent to me that allows me to enter a new
password.

The link that takes you there is over a text that says: "change your
password here".

Sure, there can be people who intercept such a password-reset-mail, but
that's still better than not being able to re-gain a access to the account.

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

Advertisements?

... sigh ...

Just my 2 cents.

Thanks for sharing them!

Emil

···

On Fri, Mar 14, 2014 at 2:04 PM, Ralf Hemmecke <hemmecke@gmail.com> wrote:

Ralf

PS: Karel, maybe this helps:

http://permalink.gmane.org/gmane.comp.voip.jitsi.user/5752

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org


#6

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

The link that takes you there is over a text that says: "change your
password here".

Maybe you mean some other URL. I see the following (see attached picture).

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

OK. And understood. But as Karel already said, it's simple and more
people understand the whole procedure if it is clearly written on the
account registration page that password-recovery is (currently) done
manually. That would avoid quite a lot of confusion and frustration on
the user side. Nobody wants to steal developer's time by writing again
and again to the mailing list because it is not clear why there is no
quick answer.

Everyone understands that this is free software and done by people that
earn no money from doing that work.

So the easiest solution is to such write something appropriate onto the
registration page (or even on the ResetPassword page as people might
immediately come there via a search engine).

I hope you understand that I am not complaining but rather try to remove
frustration.

Ralf


#7

Hey folks,

We're currently looking at some Openfire plugins that would enable us to provide an easy to use reset password mechanism. We'll keep you posted!

Best regards,
Yana

···

On 14 Mar 2014, at 17:38, Ralf Hemmecke <hemmecke@gmail.com> wrote:

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

The link that takes you there is over a text that says: "change your
password here".

Maybe you mean some other URL. I see the following (see attached picture).

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

OK. And understood. But as Karel already said, it's simple and more
people understand the whole procedure if it is clearly written on the
account registration page that password-recovery is (currently) done
manually. That would avoid quite a lot of confusion and frustration on
the user side. Nobody wants to steal developer's time by writing again
and again to the mailing list because it is not clear why there is no
quick answer.

Everyone understands that this is free software and done by people that
earn no money from doing that work.

So the easiest solution is to such write something appropriate onto the
registration page (or even on the ResetPassword page as people might
immediately come there via a search engine).

I hope you understand that I am not complaining but rather try to remove
frustration.

Ralf
<jitsi-reset-password.jpg>_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#8

Hey folks,

We're currently looking at some Openfire plugins that would enable us to provide an easy to use reset password mechanism. We'll keep you posted!

great news! Thanks.

karel

···

On 14.3.2014 16:46, Yana Stamcheva wrote:

Best regards,
Yana

On 14 Mar 2014, at 17:38, Ralf Hemmecke <hemmecke@gmail.com> wrote:

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

The link that takes you there is over a text that says: "change your
password here".

Maybe you mean some other URL. I see the following (see attached picture).

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

OK. And understood. But as Karel already said, it's simple and more
people understand the whole procedure if it is clearly written on the
account registration page that password-recovery is (currently) done
manually. That would avoid quite a lot of confusion and frustration on
the user side. Nobody wants to steal developer's time by writing again
and again to the mailing list because it is not clear why there is no
quick answer.

Everyone understands that this is free software and done by people that
earn no money from doing that work.

So the easiest solution is to such write something appropriate onto the
registration page (or even on the ResetPassword page as people might
immediately come there via a search engine).

I hope you understand that I am not complaining but rather try to remove
frustration.

Ralf
<jitsi-reset-password.jpg>_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#9

I like and recommend Jitsi for many reasons. One of them is that there
is no way of getting around knowing the correct password. So if a
feature to get around knowing the password is implemented in Jitsi or
the website, I hope it will be possible NOT to use it for those who so
desire.

After all, if I did not care for all the security benefits of Jitsi, I
would still be using Skype.

For anyone wondering why some of us prefer NOT to have a password
recovery feature, I recommend this blog by Bruce Schneier;
"The Curse of the Secret Question"
https://www.schneier.com/essay-081.html

···

On 14-03-2014 16:46, Yana Stamcheva wrote:

Hey folks,

We're currently looking at some Openfire plugins that would enable us to provide an easy to use reset password mechanism. We'll keep you posted!

Best regards,
Yana

On 14 Mar 2014, at 17:38, Ralf Hemmecke <hemmecke@gmail.com> wrote:

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

The link that takes you there is over a text that says: "change your
password here".

Maybe you mean some other URL. I see the following (see attached picture).

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

OK. And understood. But as Karel already said, it's simple and more
people understand the whole procedure if it is clearly written on the
account registration page that password-recovery is (currently) done
manually. That would avoid quite a lot of confusion and frustration on
the user side. Nobody wants to steal developer's time by writing again
and again to the mailing list because it is not clear why there is no
quick answer.

Everyone understands that this is free software and done by people that
earn no money from doing that work.

So the easiest solution is to such write something appropriate onto the
registration page (or even on the ResetPassword page as people might
immediately come there via a search engine).

I hope you understand that I am not complaining but rather try to remove
frustration.

Ralf
<jitsi-reset-password.jpg>_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#10

Happily, since password recovery is a feature of your SIP/XMPP provider,
and not of Jitsi itself, the Jitsi team can implement this on their
services, and you can switch to a service that has no password recovery
feature...

···

On 03/15/2014 10:38 AM, PrivacyDefence wrote:

I like and recommend Jitsi for many reasons. One of them is that there
is no way of getting around knowing the correct password. So if a
feature to get around knowing the password is implemented in Jitsi or
the website, I hope it will be possible NOT to use it for those who so
desire.

After all, if I did not care for all the security benefits of Jitsi, I
would still be using Skype.

For anyone wondering why some of us prefer NOT to have a password
recovery feature, I recommend this blog by Bruce Schneier;
"The Curse of the Secret Question"
https://www.schneier.com/essay-081.html

On 14-03-2014 16:46, Yana Stamcheva wrote:

Hey folks,

We're currently looking at some Openfire plugins that would enable us to provide an easy to use reset password mechanism. We'll keep you posted!

Best regards,
Yana

On 14 Mar 2014, at 17:38, Ralf Hemmecke <hemmecke@gmail.com> wrote:

I'm not affected by this "no way to reset a forgotten password", but the
link https://jitsi.org/Register/ResetPassword should rather be called
"ChangePassword", because this is what it is.

The link that takes you there is over a text that says: "change your
password here".

Maybe you mean some other URL. I see the following (see attached picture).

Why is jit.si collecting email-addresses then, if it is not to help with
forgotten passwords?

It does help. However it's currently a manual process and hence
subject to a developer finding the time to actually do it.

OK. And understood. But as Karel already said, it's simple and more
people understand the whole procedure if it is clearly written on the
account registration page that password-recovery is (currently) done
manually. That would avoid quite a lot of confusion and frustration on
the user side. Nobody wants to steal developer's time by writing again
and again to the mailing list because it is not clear why there is no
quick answer.

Everyone understands that this is free software and done by people that
earn no money from doing that work.

So the easiest solution is to such write something appropriate onto the
registration page (or even on the ResetPassword page as people might
immediately come there via a search engine).

I hope you understand that I am not complaining but rather try to remove
frustration.

Ralf
<jitsi-reset-password.jpg>_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#11

Since the whole action somehow started on my request... it is simple to
let some people recover their passwords and some not.

If a user doesn't want password recovery, he/she shouldn't supply an
email address.

Nobody with a deep security concern will probably ever have provided an
email address in the first place. Am I wrong?

But yes, I understand, if someone has chosen jit.si as a sip/xmpp
provider because it does not (easily) allow password recovery and now
jit.si tries to make password recovery easier, also that should be a
concern of the jit.si team, because nobody wants to change their
(virtual) identity.

Nobody should lose his/her password, anyway. But unfortunately we live
in an imperfect world.

Ralf

···

On 03/15/2014 07:43 PM, Steve Havelka wrote:

Happily, since password recovery is a feature of your SIP/XMPP provider,
and not of Jitsi itself, the Jitsi team can implement this on their
services, and you can switch to a service that has no password recovery
feature...