Fun times with the Internet
May. 14th, 2016 12:01 pmSo if you follow my Twitter (![[twitter.com profile]](https://p.dreamwidth.org/e0caa790ec10/-/twitter.com/favicon.ico)
iamkj), you probably saw that I got locked out of my Tumblr account for a couple of days. Basically, Tumblr had a password security breach in 2013, and they forced the affected accounts to change their passwords. (I'm not quite sure why a breach of three-year old data necessitates a password change today. Maybe they just now found out about it?) Mine was one of those accounts, so I attempted to reset my password, multiple times, without receiving a verification email.
It turns out the problem was on my end -- the email I use for Tumblr is connected to my personal domain name, and the registration had lapsed -- so as far as that goes, this isn't Tumblr's fault. But if I hadn't been able to get my email fixed, I would have had no recourse, because Tumblr doesn't provide any alternate method of identity verification. When I wrote to Tumblr about the problem, their only suggestion was to register a new account with a different email address and start over.
Dear Tumblr staff: this solution is not a solution at all. In fact, it is completely unacceptable. I understand taking security seriously -- I wouldn't want just anyone to be able to pretend to be me, either. But there are ways around this, ways used by many other sites. Offer a back-up method of account verification, such as a secondary email or mobile phone number. Allow your support staff to exercise their judgement and/or common sense in cases like mine and Bryan Konietzko's (read the sad story here). There are all kinds of reasons why someone might lose access to an email account. Maybe you signed up with a work email and then changed jobs; maybe you graduated from college and your school doesn't provide permanent forwarding; maybe your email host went out of business; maybe someone hacked your account and you had to close it... This is a common enough situation that there needs to be some solution beyond having to close your blog and move on.
Move on?? I've been actively curating my Tumblr blog for over 5 years. I have more than 400 followers. I'm a contributor to several side blogs, including two for which I'm the only admin (so those blogs would have been lost, too). I suppose the content would stay up, but the chance to build on it and continue participating in conversations would be lost. And if it can happen to me, it can happen to others (see above), with far more followers and influence than I. Make your site unsustainable to use in the long term, provide poor customer service, and people will move on, all right -- they'll move on to a new blogging platform.
Fix this, Tumblr. Even if it's too late for people like Bryan to regain access to their accounts, please move into the modern era and implement some sort of back-up authentication method. It's absolutely necessary.
It turns out the problem was on my end -- the email I use for Tumblr is connected to my personal domain name, and the registration had lapsed -- so as far as that goes, this isn't Tumblr's fault. But if I hadn't been able to get my email fixed, I would have had no recourse, because Tumblr doesn't provide any alternate method of identity verification. When I wrote to Tumblr about the problem, their only suggestion was to register a new account with a different email address and start over.
Dear Tumblr staff: this solution is not a solution at all. In fact, it is completely unacceptable. I understand taking security seriously -- I wouldn't want just anyone to be able to pretend to be me, either. But there are ways around this, ways used by many other sites. Offer a back-up method of account verification, such as a secondary email or mobile phone number. Allow your support staff to exercise their judgement and/or common sense in cases like mine and Bryan Konietzko's (read the sad story here). There are all kinds of reasons why someone might lose access to an email account. Maybe you signed up with a work email and then changed jobs; maybe you graduated from college and your school doesn't provide permanent forwarding; maybe your email host went out of business; maybe someone hacked your account and you had to close it... This is a common enough situation that there needs to be some solution beyond having to close your blog and move on.
Move on?? I've been actively curating my Tumblr blog for over 5 years. I have more than 400 followers. I'm a contributor to several side blogs, including two for which I'm the only admin (so those blogs would have been lost, too). I suppose the content would stay up, but the chance to build on it and continue participating in conversations would be lost. And if it can happen to me, it can happen to others (see above), with far more followers and influence than I. Make your site unsustainable to use in the long term, provide poor customer service, and people will move on, all right -- they'll move on to a new blogging platform.
Fix this, Tumblr. Even if it's too late for people like Bryan to regain access to their accounts, please move into the modern era and implement some sort of back-up authentication method. It's absolutely necessary.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}