Home » Forums » Ubercart » Ideas and Suggestions
2 replies [Last post]
Thu, 07/12/2012 - 11:58
Maury Markowitz
Maury Markowitz's picture
Offline
Joined: 07/12/2012
Juice: 12
Was this information Helpful?

I had to try a dozen - literal - times to create an account.

This site uses OpenID, which I thought would make my life easy. However, it does simply let me click a google icon or anything, no, I had to go and find out what the Google OpenId URL was... which isn't as easy as you might think.

Ok, so that worked and I'm logged in and ready to go, right? Wrong. Although I am now fully identified, the software demanded that I make a new account anyway. This is precisely what OpenID is supposed to eliminate, right?

Ok fine, so I start filling things out, including the password I use on all low-value sites. I don't mean "low value" as in "not much of value here", I mean "low value" as in "if someone steals the password from that site, I don't care because I won't post any high value information".

However, it wouldn't let me do this. A warning came up complaining that my password had to be at least six characters, even though it was much longer than that. Assuming it was actually complaining about the content, as there was a yellow warning, I tried another. No joy. And another. Again. So then I made a 13 character random one and pasted it from my text editor into both fields. Nope.

Basically if you fail once, some state gets set in the browser that ensures you can no longer register properly. I had to use a different browser to get it to work.

ALL of these are issues. It should not take 5 minutes to create a friging account. In fact, I shouldn't have to create an account at all, that's what frigging OpenID is for!!

Top
Thu, 07/12/2012 - 13:03
#1 View page
a.Knutson
a.Knutson's picture
Offline
Administrator
Joined: 11/22/2011
Juice: 456
Re: Reduce password security on this web site

You've brought up a good point about the OpenID service. I'll take a closer look into finding an alternative solution. Perhaps another module could make it easier on folks.

As far as the security issue goes: Behind the scenes ubercart.org is on a constant battleground with spammers. Due to Ubercart's world-wide popularity, we get heavily targeted by spam bots. So we were forced into a situation where we either ramp up our security efforts or fall victim to a site riddled with Viagra ads.

I just created a new account with no problems so I'm having a hard time duplicating your expressed issue. I apologize you had such a rough time getting the account up and running. Thanks for taking the time to give us proper feedback.

Top
Wed, 07/18/2012 - 15:34
#2 View page
Maury Markowitz
Maury Markowitz's picture
Offline
Joined: 07/12/2012
Juice: 12
Re: Re: Reduce password security on this web site

I tried to log on an respond early, but of course I had already lost the password...

So I tried OpenID again. Instead of logging me into my account, it sent me to the new-user account setup again. This was unexpected.

Text on the screen seemed to suggest that I could like my OpenID to the account.

Before we go the module route, here's some simpler suggestions:

1) Link the OpenID to the account automatically *if you used OpenID to start the account* (as I did). I suspect this will not be too difficult.

2) Placing the conventional OpenID links on the login screen should be a no-brainer. This would save the user looking up and cut/pasting the URLs.

3) The text on the password verifier is misleading. In fact, this was the problem from the start - it came up in red (well, pink) stating that the password was bad. In fact, it was accepting the password just fine. It was a warning, not an error.

4) Whatever cookie/state/URLmangling was set when I first attempted to save my new account was not cleared. All attempts to save my account after that failed, in spite of the error being fixed. I believed it was the passwords, but in fact this was not an error at all. This is likely a bug, perhaps one to do with browser software.

Top