I just created an /e/ account for my new Fairphone 3+, and I have some concern about this process :
The first thing is the set-up of the mail address, which is referred as “username” in the Sign Up page. I think it is not really clear, as I thought I was asked for a forum username, and not the prefix of my /e/ mail address. As such, my mail address is not what I wanted it to be, and I can’t change it in the parameters (I guess this is because of the synchronization with OwnCloud ?) ;
The second is about the password, which gave me an error during the creation of my account. The password I used was CHOIZA#.&+hugro2739PHONBOI@"&# and I could not sign up with it until I changed it for my actual password. I guess it have something to do with the length of the first one, or maybe with the usage of special characters. I understand perfectly that there is some technical limitations during this process, but they should be clearly listed while typing a password. Btw, this is not a password I use, I have a strict password policy and this password will never be used again by me, or anyone I’m close to.
If anyone can help me to change the prefix of my mail address, and provide me the limitations I must take in account while setting up a password, I’ll be truly thankful.
For instructions on how to create an /e/ ID you can refer the document here
Changes to mail address are not possible you can delete and create a new ID. Pl do not share password or account details on the forum. For further assistance pl send a mail with the details to support@e.email
The manual indeed provide instructions regarding the /e/ account process, however I’m sure that you’ll agree with me : a simple process that require a manual to be followed is a poorly designed one. Especially when dozens of websites across the globe have implemented it without the need for a manual.
I sent a mail to the support, but I did not get any response, so I searched myself regarding the password issue and found the following specifications :
There is no need to follow the best practices regarding password complexity, so it is possible to compose it only from letters, or only from numbers, or only from special characters. In my opinion, this can be a security issue, even if length is more important than complexity for a password.
There is no minimum for the password’s length, so one could simply set the password to be “a” or “1”. I have been able to go up to 30 characters, but I didn’t test it further, so it could be more.
While the system provide the possibility to set a very strong password, the lack of user’s guidance is a true shame, and will lead to users setting it up wrong, and getting hacked with no difficulty. I strongly recommend that /e/ cloud align with other companies and provide a better account creation process.
Finally, saying “Hi,” wouldn’t have taken much of your time, Manoj. Politeness is no luxury…
I hope /e/ will take my recommendations in account, and that this thread will help someone to build a good password.
welcome to /e/. I replied just now to your support ticket.
As stated there, we only have one rule for passwords and that is the length of 8 to 32 characters; this is already visible in the signup process and as you say it would be a poor choice to specify it on a documentation page elsewhere. Still, sometimes people come into problems (or our software has bugs) and it’s convenient to have a place to refer them to.
it is possible to compose it only from letters, or only from numbers, or only from special characters.
This is a deliberate choice; I personally believe it to be bad UX for sites that enforce arbitrary restrictions on the ingredients of a password when, as you say, a long memorable password could be as secure.
We still encourage the use of password managers and generators, and with 32 characters you should have plenty of room for picking a secure password such as the one you used. If it didn’t work, then it is a bug on our login process; we have a confidential ticket for it pending investigation.
To finish, I agree with you the signup process is pending an improvement (including the username/email confusion). We have some work done but not yet published on the matter.
we have deployed the fix to our signup page and no special characters should be problematic now. The only expected restriction is the maximum length of 32 characters.
Apologies for the inconvenience and thanks again for the report. This valuable feedback allows us to improve our products.
First of all, thank you very much for your complete feedback, and your rapidity to improve the points I mentioned.
I didn’t knew the “correct horse battery staple” example, and even if there are some minor weaknesses in it, I think the concept is interesting and deserve to be dig up, especially for users with limited knowledge in IT, for which a password manager is too big of a deal.
Finally, I must apologize for my rudeness, I felt “shut downed” by Manoj answer, while I wanted my issue to be taken seriously (which you have), though it’s no excuse to react this way. I’m sure you’re doing your best facing an overwhelming charge of work, and I wish you best of luck in your endeavor.
Thank you again for your support, and for making an OS I’m enjoying using,