Discuss Scratch

kenny2scratch
Scratcher
500+ posts

Changing your email should require confirmation from the OLD email

So someone I know (no names) got their email changed, confirmed, then had their account deleted by someone else. Though this wouldn’t have helped prevent the deletion, I think one major thing was overlooked: changing your email should require confirmation from the ORIGINAL email, not just the new one. Though the new one should also be confirmed (just to prove it exists), the old one should also be re-confirmed so that only the owner of the old email can allow the change to the new email.

Ideally, as well, the email would say something like “Did you really request this email change? If not, sign in to your account immediately and change your password,” the way that MediaWiki does for email changes.

I think this is something that’s been majorly overlooked - it really should be changed. What about your thoughts, though?
turkey3
Scratcher
1000+ posts

Additionally, deleting an account shouldn't be so easy. It's so easy for someone to just crack someone else's password and delete years of progress. Deleting an account should also require email confirmation.
duckboycool
Scratcher
1000+ posts

Aside from being involved in the case that sparked this suggestion, I do support this change in the system. I would also support an e-mail confirmation before deletion of the account, as in conjunction with this, it would mean that a potential hacker of your account would require both your Scratch login and e-mail login. Assuming that you use two different passwords for these two things, this would mean that it would likely take at least twice as long to find both with a password finder bot. This would definitely improve security on Scratch with deleting your account, although somebody could still delete projects, so maybe there could also be some protection on that, but that is all I have to say on this topic for now.
Wahsp
Scratcher
1000+ posts

turkey3 wrote:

Additionally, deleting an account shouldn't be so easy. It's so easy for someone to just crack someone else's password and delete years of progress. Deleting an account should also require email confirmation.
^ I support this as well as the OP
jvvg
Scratcher
1000+ posts

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
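The flow jvvg proposes above (notify the OLD address with a cancel option, wait a grace period, then apply) and the e-mail-confirmed account deletion turkey3 and duckboycool ask for earlier in the thread, written out as an added example in Python. This is not Scratch's code; every name in it (Account, Outbox, request_email_change, GRACE_PERIOD and so on) is an assumption made for illustration, and the addresses and timestamps are constructed sample data. The point it shows is that while a change is pending, anything sensitive still goes to the old mailbox, so someone who only has the Scratch password cannot finish a takeover on their own.

```python
"""Pending e-mail change with old-address cancel token, grace period and
confirmed deletion. Added example; not Scratch's code. All names are assumptions."""
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

GRACE_PERIOD = 7 * 24 * 3600  # seconds; "a week or so", as proposed in the thread


@dataclass
class Account:
    username: str
    email: str                                 # the address that is currently trusted
    pending_email: Optional[str] = None
    pending_since: Optional[int] = None        # unix time the change was requested
    cancel_token: Optional[str] = None         # sent ONLY to the old address
    new_confirm_token: Optional[str] = None    # sent ONLY to the new address
    new_confirmed: bool = False
    delete_token: Optional[str] = None
    deleted: bool = False


class Outbox:
    """Stand-in for a mail sender: records (to, subject, token) so the flow can be followed."""
    def __init__(self) -> None:
        self.sent: List[Tuple[str, str, str]] = []

    def send(self, to: str, subject: str, token: str) -> None:
        self.sent.append((to, subject, token))


def _token_matches(supplied: str, expected: Optional[str]) -> bool:
    # Constant-time compare; a missing expected token never matches.
    return expected is not None and hmac.compare_digest(supplied.encode(), expected.encode())


def _clear_pending(acct: Account) -> None:
    acct.pending_email = acct.pending_since = None
    acct.cancel_token = acct.new_confirm_token = None
    acct.new_confirmed = False


def request_email_change(acct: Account, new_email: str, outbox: Outbox, now: int) -> None:
    """Start a change: the old address gets a cancel link, the new one a confirm link.
    acct.email is NOT touched here; it only changes in apply_pending_changes()."""
    acct.pending_email, acct.pending_since = new_email, now
    acct.cancel_token = secrets.token_urlsafe(32)
    acct.new_confirm_token = secrets.token_urlsafe(32)
    acct.new_confirmed = False
    outbox.send(acct.email, "Did you request this email change?", acct.cancel_token)
    outbox.send(new_email, "Confirm your new email", acct.new_confirm_token)


def confirm_new_email(acct: Account, token: str) -> bool:
    """Proves the new mailbox exists; does not by itself make it the trusted address."""
    if _token_matches(token, acct.new_confirm_token):
        acct.new_confirmed = True
        return True
    return False


def cancel_email_change(acct: Account, token: str) -> bool:
    """Only the holder of the OLD mailbox has this token."""
    if _token_matches(token, acct.cancel_token):
        _clear_pending(acct)
        return True
    return False


def apply_pending_changes(acct: Account, now: int) -> bool:
    """Run periodically: switch the address only once the new one is confirmed AND
    the grace period has passed without a cancellation."""
    if acct.pending_email is None or not acct.new_confirmed:
        return False
    if now - acct.pending_since < GRACE_PERIOD:
        return False
    acct.email = acct.pending_email
    _clear_pending(acct)
    return True


def request_account_deletion(acct: Account, outbox: Outbox) -> None:
    """Deletion goes to the currently trusted address, which during a pending change is still the old one."""
    acct.delete_token = secrets.token_urlsafe(32)
    outbox.send(acct.email, "Confirm account deletion", acct.delete_token)


def confirm_account_deletion(acct: Account, token: str) -> bool:
    if _token_matches(token, acct.delete_token):
        acct.deleted, acct.delete_token = True, None
        return True
    return False


def legitimate_scenario() -> Tuple[bool, bool, str]:
    """Owner moves to a new address: too early does nothing, after the grace period it applies."""
    out, acct, t0 = Outbox(), Account("alice", "old@example.org"), 1_700_000_000
    request_email_change(acct, "new@example.org", out, t0)
    confirm_new_email(acct, acct.new_confirm_token)
    early = apply_pending_changes(acct, t0 + 3600)
    late = apply_pending_changes(acct, t0 + GRACE_PERIOD)
    return early, late, acct.email


def hijack_scenario() -> Tuple[str, bool, bool, str, bool]:
    """Someone with only the password redirects the e-mail and tries to delete the account."""
    out, acct, t0 = Outbox(), Account("victim", "owner@example.org"), 1_700_000_000
    request_email_change(acct, "attacker@example.net", out, t0)
    confirm_new_email(acct, acct.new_confirm_token)      # attacker can confirm their own mailbox
    request_account_deletion(acct, out)
    deletion_went_to = out.sent[-1][0]                   # ...but the deletion mail goes to the owner
    owner_cancel = next(tok for to, subj, tok in out.sent if to == "owner@example.org" and "change" in subj)
    cancelled = cancel_email_change(acct, owner_cancel)
    applied = apply_pending_changes(acct, t0 + GRACE_PERIOD + 1)
    return deletion_went_to, cancelled, applied, acct.email, acct.deleted
```

Two design points worth noting: the cancel token is never shown in the site UI or sent to the new address, so a logged-in attacker cannot obtain it; and because the trusted address only moves in apply_pending_changes(), password-reset and deletion mail keep reaching the original owner for the whole grace period. The outdated-address case the thread worries about is handled by the grace period simply expiring, at the cost of a week's wait.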
YubNubEwok
Scratcher
1000+ posts

Support! This would help make sure Scratch is more secure.
Candylanguagegirl
Scratcher
1000+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
^^ I totally agree with this. I forgot to switch over a TON of emails before Verizon stopped working and now I'm needing to replace a lot of accounts because they use the form of email verification in the OP.
Charles12310
Scratcher
1000+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
^^^^

Sorry, but adding this would lead to more problems because what happens if a user changes their email because their old email isn't working and then something like this pops up? It would be best to let users change their emails in case their old email isn't working.
duckboycool
Scratcher
1000+ posts

Charles12310 wrote:

-snip-
^^^^

Sorry, but adding this would lead to more problems because what happens if a user changes their email because their old email isn't working and then something like this pops up? It would be best to let users change their emails in case their old email isn't working.
Well while this would be true, having to wait a few days for a change if your old e-mail isn't working and you need to change it, which would likely be pretty rare anyway, is better than the alternatives, which are that somebody can more easily delete your account if they can get in, and that you'd have to contact us for an e-mail change. The first leads to problems of account deletion, and the second would largely increase the amount of mail the ST gets through contact us, and could even take longer than a week anyway. In my mind, it is better to have an outdated e-mail for a few days, which really doesn't affect much, than to have the chance of an easier account deletion.

There is also the fact that they could mess up your whole account without the e-mail confirmation anyway, so maybe there should need to be some e-mail confirmation for bulk deletion of projects as an idea too.
banana439monkey
Scratcher
1000+ posts

Ken: What if that old email has been deleted?

Charles: As much as I do see your point, you could change the e-mail to another one, confirm it and change it again to your current one.

Banana
kenny2scratch
Scratcher
500+ posts

banana439monkey wrote:

Ken: What if that old email has been deleted?
Then send an email to Contact Us.
smartzx
Scratcher
100+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
Yes, but what if it is the opposite?
jvvg
Scratcher
1000+ posts

kenny2scratch wrote:

banana439monkey wrote:

Ken: What if that old email has been deleted?
Then send an email to Contact Us.
The problem with that is that anyone who has compromised the account could send an email to Contact Us, so you haven't actually solved the problem.
turkey3
Scratcher
1000+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
This is a great idea.
kenny2scratch
Scratcher
500+ posts

ay nearly a year-old bump
TheRealNetherBefore
Scratcher
1000+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
Support for something like this, however I feel that it would be quite easy for someone to miss the email. For example, I only check my emails when I'm expecting something and while my phone receives emails it's synced up mostly to my school one (intentionally) so those are the notifications that I get. If someone were to hack into my account and change the email I likely wouldn't notice.
Buffek
Scratcher
100+ posts

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.
Support for this
Austinato
Scratcher
1000+ posts

I understand the reasoning behind this, although I'm concerned as per jvvg's reasons stated previously:

jvvg wrote:

The problem with this is the case where the original email stops working (for example, if you use a school email and then graduate but forget to change your email before). I think a better idea would be to make it so that when you change your email, it sends an email to the original account notifying them (and giving them an option to cancel it) and waiting a week or so before changing the email if the switch isn't cancelled. This way, if the account is compromised, the original account holder is aware of what's happening and can stop it, but if it's a legitimate email switch, it will also work.

In addition to that, a young child could have misspelled an email.

EDIT: Young child, not just a “child.”

Last edited by Austinato (Nov. 3, 2018 23:26:58)

duckboycool
Scratcher
1000+ posts

Well this was a surprise to see in messages.

Anyway, I think that in addition to an e-mail to the old account and a wait period, it should send other notices in case somebody isn't checking their e-mail, like a notice in messages. I imagine most people get notifications for it, but just be a bit safer in this case. I also want to bring this back up.

duckboycool wrote:

There is also the fact that they could mess up your whole account without the e-mail confirmation anyway, so maybe there should need to be some e-mail confirmation for bulk deletion of projects as an idea too.
AlexandraCo
New Scratcher
2 posts

Hi,
I'm the dad, and I've made exactly the mistake you describe. I changed to an incorrect email.
I would like to get back to the old mail (dad mail) and then carefully move to the new one (my daughter's mail).
Is there a delay for not confirming, when the old mail is reset?