<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Webdings;
panose-1:5 3 1 2 1 5 9 6 7 3;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Verdana",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Andrés,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I am very confused – if you are creating accounts for people, but not telling them the username/password, how do you expect them to
log in? <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Anyway, onto the main point -- The purpose of the verification email is not to provide the user with a log-in link, it’s to require
the system to verify that the email address is real and not mis-typed or entered by someone other than the owner of that email account. If you are sure you’ve entered the correct email address into the form when creating the account, there is no reason to
send a verification email. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">The idea of having an initial login/reset password link sent after signup is appealing from the POV of usability, but not of security.
Such a link would be the equivalent of both username and password (since it contains all that is needed to log in) being sent by possibly-insecure email. By contrast, a verification link email does not contain either a username or password equivalent. The
recipient of the email still needs information that only the genuine user will have. It is thus more secure to send by email. A malefactor who intercepts a verification email doesn’t gain the ability to log in as the victim.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Obviously if you are emailing passwords to people this is not a concern for you, (likewise if a server is running on HTTP rather than
HTTPS there are much easier hacking-possibilities) but I have learned not to make assumptions about how much security different server admins would like to have…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">best
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Andrew.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> cwb-bounces@sslmit.unibo.it [mailto:cwb-bounces@sslmit.unibo.it]
<b>On Behalf Of </b>"Andrés Chandía"<br>
<b>Sent:</b> 12 February 2018 16:28<br>
<b>To:</b> cwb@sslmit.unibo.it<br>
<b>Subject:</b> [CWB] Little gap on account created by admin<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi there, I have created an account for a user and at the "Send verification email? " I have selected "Yes, send a verification email.<br>
The process goes well and if the user click on the activation link it succeeds, but the user is sent to the login dialog where he is asked for the username and password, but these data is not known by the user because the admin was who created the account,
who assigned a username and a password. So everytime I've been requested for an account the user has sent me back a mail saying he's not able to access and that he does not (obviously) knows the username or password to access, so I have to reassign a password
and communicate to the user by mail the username and password...<br>
<br>
Wouldn't be easier that when the user click on the activation link he gets logged in automatically and from then on he would be requested to change/assign a password to his user?<br>
<br>
Thanks<br>
<br>
_______________________<br>
andrés chandía<br>
<a href="http://www.chandia.net" target="_blank" title="Este enlace externo se abrirá en una nueva ventana"><span style="text-decoration:none"><img border="0" id="_x0000_i1025" src="../images/spacer.png" alt="chandia.net"></span></a><a href="https://twitter.com/chandianet" target="_blank" title="Este enlace externo se abrirá en
una nueva ventana"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="_x0000_i1026" src="../images/spacer.png"></span></a><br>
<a href="http://chandia.net/content/dungupeyem" target="_blank" title="Este enlace externo se abrirá en una
nueva ventana">Dungupeyem</a> |
<a href="http://chandia.net/content/iecmap" target="_blank" title="Este enlace externo se abrirá en una nueva ventana">
IECMap</a> | <a href="http://chandia.net/content/isecmap" target="_blank" title="Este enlace externo se abrirá en una nueva
ventana">
ISECMap</a> | <a href="http://chandia.net/content/nmt" target="_blank" title="Este
enlace externo se abrirá en una nueva ventana">
NMT</a> | <a href="http://corlexim.cl" target="_blank" title="Este enlace externo se abrirá en una nueva ventana">
Corlexim</a><br>
<br>
administrador de:<br>
<a href="http://parles.upf.edu" target="_blank" title="Este enlace externo se abrirá en una nueva ventana">Parles.upf</a> |
<a href="https://iwch.upf.edu" target="_blank" title="Este enlace externo se abrirá en una nueva
ventana">
IWCH</a> | <a href="http://amindterapia.com" target="_blank" title="Este enlace
externo se abrirá en una nueva ventana">
Amind terapia</a> | <a href="http://koyaktumapuche.net" target="_blank" title="Este enlace externo se abrirá en una
nueva ventana">
ONG Mapuche koyaktu</a> | <a href="http://parles.upf.edu/llocs/nocando" target="_blank" title="Este enlace externo se abrirá en una nueva ventana">
Nocando</a> | <a href="https://iac.upf.edu" target="_blank" title="Este enlace externo se abrirá en una nueva
ventana">
IAC</a> | <a href="https://iac.upf.edu/cddz" target="_blank" title="Este enlace
externo se abrirá en una nueva ventana">
CddZ</a> | <a href="https://iac.upf.edu/isac" target="_blank" title="Este enlace externo se abrirá en una nueva ventana">
ISAC</a> | <a href="https://catcg.upf.edu" target="_blank" title="Este enlace externo se abrirá en una nueva
ventana">
CatCg</a><br>
<span style="font-size:18.0pt;font-family:Webdings;color:#4F6228">P</span> <span style="font-size:10.0pt;color:#4F6228">
No imprima innecesariamente. ¡Cuide el medio ambiente!</span> <o:p></o:p></p>
</div>
</body>
</html>