View Issue Details

IDProjectCategoryView StatusLast Update
0001454Main CAcert Websitewebsite contentpublic2019-02-07 22:53
ReporterbdmcAssigned To 
PrioritynormalSeveritymajorReproducibilitysometimes
Status needs review & testingResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0001454: Revise Password Reset page to reduce repayments
DescriptionThe messages and instructions on the Password Reset page ( page 5 ) are unclear regarding the proper procedures, especially regarding the "donation" required before requesting that Support assist.
Tagspassword recovery, support
Reviewed by
Test Instructions

Activities

bdmc

2018-12-28 04:43

developer   ~0005716

Page URL: https://www.cacert.org/index.php?id=5

bdmc

2018-12-30 05:46

developer   ~0005717

I have created a new version of Page 5, containing many more instructions. I have also said that asking Support for help will take a long time, although I did not specify any time estimate. The code is checked in as "bug-1454," but only consists of one file different from "release."

bdmc

2018-12-30 05:49

developer   ~0005718

I have been thinking about Etienne's suggestion for some kind of instruction document to be sent to users.

That might be triggered by the Paypal Payment "success return" message, because that is the only thing that happens before the user is expected to write an e-mail message to Support.

Alternatively, some kind of automatic reply to e-mail messages to Support, with the Subject "Password Recovery Request," might be a way to do it.

L10N

2018-12-30 09:35

reporter   ~0005719

The message that the user sends with the web form probably goes to support@c.o. At the same time a copy should be sent to a new address password-reset@c.o. (or only to password-reset@c.o.).

This address replies automatically (with 'support' as the sender) with a nice reply, which explains the procedure step by step. And in such a way that the next steps are delegated to the user.

This would have the advantage that the user could help himself in some cases (relieves support). In other cases other people could help (e.g. local assurers). Third, we would have a clear situation with Paypal: Support answered immediately. We are now waiting for further information from the user. Paid service (as Paypal will always consider it) has been provided.

L10N

2018-12-30 10:01

reporter   ~0005720

Content (keyword) for an automatic reply:

Thanks for contacting us
Empathy for existing problem
Promise to help
Please document everything

Step 1: with certificate (tried on ...)
Step 2: Five questions (tried on ...)
Step 3: With Assurance
3a: If no Assurer nearby known: secretary.c.o requested for addresses from the public part of the WoT directory (requested on..., reply received on...)
3b: Assurer 1 contacted on... (if no replay within 3 days, Assurer 2, 3, 4, 5 contacted)
3c: Assurer met on....
3d: C-word received from Support on....
3e: Answered to Support answered (password reset allowed) on....
3f: T-word from support received on: ....
3g: Congratulations, now you can reset the password yourself. To do this, log into your account. As a provisional password, use (with no space in between): A-word T-word
Step 4: It didn't work. Write to support, include documentation of the first 3 steps with data and assurers.

L10N

2019-01-02 00:42

reporter   ~0005721

What about this? (Draft, in German)
If possible, send only part 1-2 and part 3 24hrs later.

Support.odt (27,211 bytes)

L10N

2019-01-13 23:03

reporter   ~0005734

What about a new e-mail-address for password recovery that answers automated (see above); only the second contact goes to support?

bdmc

2019-01-14 07:11

developer   ~0005735

I should have responded to this a few days ago, when you first proposed it.

Yes, I like the idea of a special e-mail address for password recovery, and, as you say, perhaps don't send directly to the Support mailing list.

We could never send mail for password recovery to the Support mailing list, or only after the user has accomplished all other tasks. Mail to the password recovery address could be forwarded to Support, or the user would be directed to the Support mailing list only at the end of the process.

L10N

2019-01-14 13:57

reporter   ~0005736

Until now: User forgot password
-> read wiki, help himself OR most: -> @ to support@c.o. (not support@lists.c.o.)

It could be this way: User forgot password
-> read wiki, help himself OR most: -> @ to new-password-recovery-address@c.o. -> automated answer with help, step 1&2, -> after 24 hours automated answer2 with help, step 3&4, -> after 24 hours automated3 answer with help, step 5&6 (while 6 means contact support and giving the address from support)

If this is to complicated (automated following mails):

It could be this way: User forgot password
-> read wiki, help himself OR most: -> @ to new-password-recovery-address@c.o. -> automated answer with help, step 1-6 (while 6 means contact support and giving the address from support)

The phasing makes sense, as the requestor should do several things before contacting support. On the other hand, you can only send one reply with everything, because there are certainly people who have read the wiki before...

Even if the draft is in German, it's worth looking at it, possibly with an automatic translator, to see how it's planned.

L10N

2019-02-07 22:53

reporter   ~0005764

I just asked the e-Mail-member of the Infrastructure Team, if an auto responder can be implemented with the available resources. Original Message in German.



-------- Original Message --------
Subject: Auto responder
Date: Thu, 07 Feb 2019 22:44:19 +0000

(...)

Im Moment kläre ich verschiedene Möglichkeiten ab, um den Support bei
verlorenen Passwörtern zu entlasten. Kannst du mir bitte deine ehrliche
EInschätzung zu den folgenden Punkten abgeben, denn nicht alles, was
technisch möglich ist, ist bei uns oder mit den verfügbaren Resourcen
umsetzbar.

- Ist es möglich, eine neue e-Mail-Adresse aufzusetzen, welche automatisch
mit einem vorgegebenen Text/Mail antwortet? (Das eingehende Mail kann
unbesehen vom Inhalt gelöscht werden, es sollte aber nachvollziehbar sein,
wann es eintraf, von welcher Adresse und dass die automatische Antwort
hinaus ging.)

- Ist es möglich, eine neue e-Mail-Adresse aufzusetzen, welche *mehrmals*
automatisch mit einem vorgegebenen Text/Mail antwortet? Also wie oben
einmal sofort und zu vorgegeben Zeitunkten (z.B. 24h später, 36h später)
noch Mail 2 und Mail 3 losschickt?

Was technisch im Hintergrund abläuft, resp. ob das über Mail oder eine
Liste läuft, spielt keine Rolle... ich möchte nur gerne wissen, ob so
etwas mit vertretbarem Aufwand bei uns machbar/möglich ist.

Danke für eine kurze Antwort und
freundliche Grüsse
(...)

Issue History

Date Modified Username Field Change
2018-12-28 04:28 bdmc New Issue
2018-12-28 04:43 bdmc Note Added: 0005716
2018-12-30 05:43 bdmc Status new => needs review & testing
2018-12-30 05:46 bdmc Note Added: 0005717
2018-12-30 05:49 bdmc Note Added: 0005718
2018-12-30 09:35 L10N Note Added: 0005719
2018-12-30 10:01 L10N Note Added: 0005720
2018-12-31 03:12 bdmc Summary Revise Password Reset page to reduce miss-use => Revise Password Reset page to reduce repayments
2019-01-02 00:42 L10N File Added: Support.odt
2019-01-02 00:42 L10N Note Added: 0005721
2019-01-13 23:03 L10N Note Added: 0005734
2019-01-14 07:11 bdmc Note Added: 0005735
2019-01-14 13:57 L10N Note Added: 0005736
2019-01-14 13:57 L10N Tag Attached: password recovery
2019-01-14 13:57 L10N Tag Attached: support
2019-02-07 22:53 L10N Note Added: 0005764