RE: [DNS] password recovery tool

RE: [DNS] password recovery tool

From: Cyrille Lefevre <cyrille.lefevre§scifi-art.com>
Date: Tue, 29 Jul 2003 10:58:53 +1000
mmmm..

Rod Keys + Domain Names + Domain Name Passwords + Scripts =  ?
............(more than 1600 mistakes??)

Just Kidding Rod, don't take it personally ok ?


ginger FISH



-----Original Message-----
From: Discount Domain Name Services [mailto:rod&#167;ddns.com.au]
Sent: Tuesday, July 29, 2003 10:41 AM
To: dns&#167;lists.auda.org.au
Subject: RE: [DNS] password recovery tool


Chris,
Can you let us know when this issue is finalised as I for one need to engage
the services of a software engineer to write another script and &#167; $100 per
hour don't want to get him back time and again for reworks.
Rod Keys

-----Original Message-----
From: Chris Disspain [mailto:ceo&#167;auda.org.au]
Sent: Tuesday, July 29, 2003 9:41 AM
To: DNS List
Subject: [DNS] password recovery tool


All,

auDA's password recovery tool was put in place specifically to deal with
those domain names for which we are providing 'temporary' registrar
services (net.au, org.au and some com.au).

Behind it sits a mechanism to recover your password in the event that
the email address in the database is incorrect. Use of that manual fax
form also has the effect of enabling the email address in the data base
to be updated. auDA provides this service for the registrants for which
it is currently a temporary registrar.

The service has been disabled for all other domain names for several
reasons.

Firstly, auDA was concerned that email contact addresses could be
delivered for the whole of the data base through this tool. Our logs do
not show any pattern of heavy querying at all but, none the less, it is
a possibility.

Secondly, some registrars had chosen to refer customers to this tool
rather than supplying one of their own or using the one supplied to
registrars by AusRegistry.

Thirdly, some registrants, having been referred to the tool by their
registrar were under the impression that they could use the manual
password recovery system to get their password even though auDA was not
their registrar. This has lead to registrants experiencing frustration
and delays in password recovery.

What should happen is that each registrar should provide their own
password recovery tool that only delivers a result for domain names for
which they are registrar. There are a couple of ways this could work.
Either it can display the email address for the registrant to check and
then submit for an electronic delivery of password or move to manual
recovery OR it can refer the registrant to whois first to check that the
email address is correct.

In the end it's a balance between a level of customer service and
security.

We are still working on this issue and more changes may occur as we test
methods of creating the right balance.

Regards,


Chris Disspain
CEO - auDA
ceo&#167;auda.org.au
www.auda.org.au





---------------------------------------------------------------------------
List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/
Please do not retransmit articles on this list without permission of the
author, further information at the above URL.  (336 subscribers.)




---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.502 / Virus Database: 300 - Release Date: 18/7/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.502 / Virus Database: 300 - Release Date: 18/7/2003
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC