Admin logging in after being deactivated is shown confusing dialog

I cannot log into a discourse instance that I administer

I have my username, email address, and current password at hand. And when I try to log in I get this dialog:

But I cannot find the email referred to in my sprawling email inbox.

It also seems to me that a not‑necessarily‑hostile third party could accidentally or intentionally spoof your account and request an activation email. And then you cannot log in until you find that email.

At the very least, it would be helpful if the dialog provided more information to help locate that email — such as a timestamp or message ID or From address.

The much better solution would be to allow a user to continue with their current password, irrespective of whether an activation email had been earlier sent or not.

Finally, I do not recall ever requesting an activation email. I would only access this site from my laptop and my password is always at hand. So I remain quite puzzled.

Any help gratefully received!

Have you checked the spam/junk folder as well?

The question is what am I looking for? I have no metadata about that email except that it predates today. No Subject, Date, From, or Message-ID values. I also have lots of automatic sorting rules, so that email could be anywhere in my mail client. Thanks for your response.

IIRC the email comes from your forum’s email address. You could try filtering by that.

Tx. I’ll try some likely alternatives shortly.

I just tested and sent you a chat with what I see… I am able to see the “confirm your new account” email.

Did you maybe have a typo in your email address? That happens! :grimacing:

Tx @tobiaseigen

There were no typos anywhere — everything was carefully copy/pasted.

I have now reset my password by requesting a password reset earlier in the processing chain.

Indeed by not opting for a password reset, which I didn’t need anyway, I ended up in this catch 22. This is therefore a usability issue, I believe — but I don’t have a strong suggestion for a fix.

Coming back to the prior email notification issue. My new notification just now was From my actual email address and not from the discourse instance domain. I checked the header information carefully.

The prospect of a third party requesting a password reset remains — with all the awaiting confusion.

My thanks to those who contributed suggestions. And to note that this specific issue is satisfactorily closed, but that some wider usability questions may well remain.

I’m not really understanding what happened here. Are you able to provide reproducible steps so I can see it for myself?

Is this a new site that you just set up and are logging into for the first time? Or an existing site you’ve been running for a while now?

How is it that your account came to need to be activated again?

1 Like

Responding in order:

1: open site, hit “Log In” button, enter username, enter current password, seek to proceed, receive the screenshot provided in original posting

2: the site was set up about three years back, has lately been dormant, and is now being dusted off for use / it was always hosted on Communiteq facilities and therefore doubtless subject to regular maintenance

3: I have no real idea. My earlier password was sufficiently strong. One option is that someone else guessed my username and requested a password reset? Maybe a clumsy attack? But I don’t have any other corroborating evidence. The fix was to do the same thing and re‑request a new password reset — but, to me at least, that fix was not obvious. Hence this topic.

Thanks for your interest in digging into this. Much appreciated.

2 Likes

Is it possible that you haven’t logged in for more than a year, or whatever number of days is in the invalidate inactive admin email after days setting?

5 Likes

In short, YES.

2 Likes

I think the dialog notification I received could be more explicit. And I rather doubt that I got an accompanying email but cannot swear to that.

2 Likes

If this is the dialog you are shown in this case, then there is indeed something we need to do here. We should show a message that relates to what has actually happened. Something like:

Log in

You can’t log in. Your account has been deactivated, and you must reconfirm your email address before you are allowed to log in again.

Send activation email

I’m not surprised if this UX bug hasn’t reared its head because it’s such a rarity for an admin to not log in for a full year on a site that has not been decommissioned.

I also think we should consider removing/hiding the invalidate inactive admin email after days setting - the likelihood that any admin cares about this is very low but I can see the benefit for the ongoing security of a site that admin accounts that are no longer used are deactivated.

3 Likes

Perhaps set the default for invalidate inactive admin email after days to 0 so it remains available but is otherwise ineffective.

Guilty as charged on the derelict admin front. :upside_down_face: But nice that this site is about to receive a new lease of life as its intended community moves from Google Groups to discourse for its internal discussions.

Thanks, once again, for the exemplary support.

2 Likes