Fun times with the Internet

So if you follow my Twitter (iamkj), you probably saw that I got locked out of my Tumblr account for a couple of days. Basically, Tumblr had a password security breach in 2013, and they forced the affected accounts to change their passwords. (I'm not quite sure why a breach of three-year-old data necessitates a password change today. Maybe they just now found out about it?) Mine was one of those accounts, so I attempted to reset my password, multiple times, without receiving a verification email.

It turns out the problem was on my end -- the email I use for Tumblr is connected to my personal domain name, and the registration had lapsed -- so as far as that goes, this isn't Tumblr's fault. But if I hadn't been able to get my email fixed, I would have had no recourse, because Tumblr doesn't provide any alternate method of identity verification. When I wrote to Tumblr about the problem, their only suggestion was to register a new account with a different email address and start over.

Dear Tumblr staff: this solution is not a solution at all. In fact, it is completely unacceptable. I understand taking security seriously -- I wouldn't want just anyone to be able to pretend to be me, either. But there are ways around this, ways used by many other sites. Offer a back-up method of account verification, such as a secondary email or mobile phone number. Allow your support staff to exercise their judgement and/or common sense in cases like mine and Bryan Konietzko's (read the sad story here). There are all kinds of reasons why someone might lose access to an email account. Maybe you signed up with a work email and then changed jobs; maybe you graduated from college and your school doesn't provide permanent forwarding; maybe your email host went out of business; maybe someone hacked your account and you had to close it... This is a common enough situation that there needs to be some solution beyond having to close your blog and move on.

Move on?? I've been actively curating my Tumblr blog for over 5 years. I have more than 400 followers. I'm a contributor to several side blogs, including two for which I'm the only admin (so those blogs would have been lost, too). I suppose the content would stay up, but the chance to build on it and continue participating in conversations would be lost. And if it can happen to me, it can happen to others (see above), with far more followers and influence than I. Make your site unsustainable to use in the long term, provide poor customer service, and people will move on, all right -- they'll move on to a new blogging platform.

Fix this, Tumblr. Even if it's too late for people like Bryan to regain access to their accounts, please move into the modern era and implement some sort of back-up authentication method. It's absolutely necessary.

[personal profile] vicki_rae 2016-05-14 09:01 pm (UTC)
Absolutely alternate method needed going forward. It's an incredible mess. I just love tumblr sending people a very perky response of nope sorry we can't help you because we care about your security. WTF? Yeah NOW they do.

[personal profile] sarasa_cat 2016-05-15 01:43 am (UTC)
Wow. Sorry. Glad you were able to regain access and Bryan Konietzko's situation is absolutely unacceptable.

Tumblr has certainly had its moments of "yup, we make at least one unprofessional decision per year" mixed in with its cowboy coding (and a few horror stories from former employees) but this episode pretty much reduces tumblr to "software by kids, for kids," rather than a site where someone can host a business or their professional identity.

[personal profile] lea_hazel 2016-05-15 06:23 am (UTC)
It's quite embarrassing, especially when you consider 1) how many businesses rely on social media for staying in contact with their customers, and 2) how disproportionately this affects smaller business owners.

[personal profile] lea_hazel 2016-05-16 08:19 am (UTC)
Oh, that's hilarious.

This strikes me in particular, because I recently had to contend with the opposite problem - a complex system designed to have double contingencies for both security and recovery. It helps to remind myself that the alternative isn't really an improvement.

[personal profile] lassarina 2016-05-15 06:47 pm (UTC)
....wow. so unacceptable. SO INCREDIBLY UNACCEPTABLE.

increasingly glad I'm staring at it from a distance.