-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Dalton wrote:
Is there any
reason we don't suggest for merging accounts with matchin
names but differing emails?
I'm pretty sure it does. If the email matches, it should automatically
merge, since if you control the email account, you can always change
the password if you don't know it. It's only when neither the email or
password match that it asks.
However, I'm not really sure the password matching should be taken as
proof that it's the same account, it could be a coincidence
(especially if people are using bad passwords, eg username backwards).
It's very unlikely that two people with the exact same username will
pick the exact same lame password.
If they do, then they could have logged into each others' accounts
anyway -- so it's high time for them to figure it out. ;)
E-mail matching should be required. Otherwise, ask for
the password.
If they know it's their account and log on with the same password,
excellent, if it's not their account they won't know the password
(just because it's the same as their password doesn't mean they know
it), and the account shouldn't be merged. Yes, it's likely people will
try their password just in case it's their account and they've
forgotten, but we should leave password guessing to the user, the code
shouldn't be doing any guesswork.
There's no guesswork -- either you can log into the account or you can't.
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGwdxfwRnhpk1wk44RAmMqAJwK8V2fSD9gzn66vSKkpkI/+HTG/ACgm5s5
Kq8RVNTc2ctotGPNQgFzmSc=
=A+6O
-----END PGP SIGNATURE-----