undefined | Better HN

0 pointsweinzierl5y ago0 comments

Excellent writeup and it shows that Stack Overflow's account management came a long way.

Still there is room for improvement. What confused me a lot recently was, that the reset link sent to a certain email is not necessarily for the login associated with that email.

I tried to to login at Stack Overflow after a long time. Entered my current mail and pw. Did not work, clicked pw recovery, received mail, reset pw, got logged in. So far so good.

Logged out, couldn't log in again. After a few password resets I realized that, while the mail was sent to my current address, the reset link actually was for the pw of a login associated with an old email.

At least for me that was not clear from the recovery email. Here is the full text with only email redacted:

> Account Recovery - Stack Overflow

> We received an account recovery request on Stack Overflow for new@example.com.

> If you initiated this request, reset your password here.

> You can use any of the following credentials to log in to your account:

> Email and Password (old@example.com)

> Email and Password (new@example.com)

> Once logged in, you can review existing credentials and add new ones. Simply visit your profile, click on Edit Profile & Settings and My Logins.

To be clear, "reset your password here." is a link and it changes the pw only for old@example.com.

0 comments

Shog95y ago

Yeah, this doesn't surprise me. The login system at SO is unnecessarily complex - by which I mean that the complexity of the interface does not match the complexity of the underlying system, because while both have been redesigned several times they've never been completely redesigned together.

So you end up with weird situations like this, where both the interface and the underlying system support multiple associated email addresses, but not in the same ways or with the same functionality exposed.

It is... A legacy system, with all that that entails.

j / k navigate · click thread line to collapse