Tech Forum

RussellHltn wrote:I tested out the ability to determine my LDSAccount ID and to change the password. I was successful. However, I noticed that I must have access to the old email account to do so. This is both good and bad as I was able to get in without re-entering my record number and confirmation date, but likewise my account could be compromised if my email was compromised. Also I could be up the proverbial creak if I lost my email account.

The login page now allows you to say "I forgot or don't have my e-mail address." If you choose that path, you will eventually enter your membership number and confirmation date. After entering that data, you will be presented a screen with your name and birthdate, asking you to verify that you are the person with all of these data: (membership number, confirmation date, full name, birthdate). When you click "Yes" you will then be logged into the LDS Account where you will see your user name and you will have the opportunity to change your e-mail address and password.

It seems to work quite well. So, remembering the old e-mail address is no longer required.

Thanks,
Dennis

mkmurray wrote:Tyler, on the new beta login page, is there a way that the link that says "Obtain an LDS Account" could be modified to first ask for your old LUWS credentials (if you have one) before taking you straight to the LDS Account registration page?

While I think most people will attempt to enter their old LUWS credentials automatically without gathering the fact that it is a new credentials system, I think there will be some that will click that "Obtain an LDS Account" link without trying to login with their old credentials first. I would hate for those people who are a little more observant to not get the benefit of pre-filled in fields on the LDS Account Registration page. Does that make sense what I am proposing?

This absolutely makes sense, and I will forward this on to the project manager to make sure it is clear that users should use their old LUWS login if they have one. This way we will merge the accounts, and not cause any extra work on the users end.

I've noticed a couple comments in this thread about users trying to use their LDSAccount credentials to login through the non-beta page. This will not work, and was not intended to. If you have created an LDSAccount, or have one, then you will only be successful in using it through the beta login page. The non-beta login still works in the same way it always has, and will still allow old accounts to be created and used. Once the beta goes live, then the first login, and only login you will be able to reach will work with LDSAccount, and will merge/migrate any who do not have an LDSAccount.

That was probably more of an explanation than needed. Hope it helps though.

If there is going to be any transition period, could the registered users page for admins be modified to show both the old and new account usernames or some other means to help see who is and isn't moving across to LDSAccount?

kgthunder wrote:If there is going to be any transition period, could the registered users page for admins be modified to show both the old and new account usernames or some other means to help see who is and isn't moving across to LDSAccount?

That would certainly help in allowing Web Site Administrators and Clerks have the info they need to help educate about the transition. I wonder how much of a change it is technically, especially considering Tyler's comments in another thread where the timeframe to activate the beta login page may be pretty soon.

kgthunder wrote:If there is going to be any transition period, could the registered users page for admins be modified to show both the old and new account usernames or some other means to help see who is and isn't moving across to LDSAccount?

That would be a good idea from the Web Administrators point of view... but would it be worth it for the Church Developers to develop that code? I don't know how simple or complex the code would be to implement. If the code WERE to be implemented, even just a check mark or other indicator to show that the user has an LDS Account should be sufficient.

Alan_Brown wrote:The login page for the Local Unit Web Sites has a new addition. It says:

Here's some feedback on the registration process.
1. If you enter a bad Membership Record number, you will see the following error:

Error: The supplied Membership Record Number is not valid.

2. If you enter a good Membership Record number, but a bad confirmation date, you will see the following error:

Error: The supplied Membership Record Number and Confirmation Date are not valid.

Having seen a lot of members struggle with sign-on and registration processes lately, may I offer the following feedback? The error for situation #2 would be easier for the members to understand and deal with if it was something like this:

Error: The supplied Membership Record Number (MRN) is valid, but the supplied Confirmation Date is not correct. Have you entered your MRN correctly? If so, please check your Confirmation Date.

Perhaps it is a small change, but I think it helps if the error messages are little more personal and if they provide some hints for what the member should do. The above error messages are focused on the software result and I think the member's overall experience will be better if the error messages are written from the perspective of the end users and what the end user needs to do to fix the problem.

Thanks,
Dennis

dmaynes wrote:Here's some feedback on the registration process.

I also saw a member struggle with the CAPTCHA process. The member entered all of the letters correctly, but because the spacing on the letters is inconsistent, the member also entered some spaces. I know the prompt reads:

Type the letters you see in the image:

And, this member was trying to type exactly what was displayed in the image. So, it failed. Perhaps the prompt could be changed to read:

Type the letters you see in the image (do not type any spaces):

Personally, I think it would help if the software just threw away the spaces.

Alternatively, the error message could be changed from:

Error: The characters you've entered do not match those in the image.

To read:

Error: The letters you typed did not match those in the image. Please try again, but do not type any spaces.

(I changed the tense of the error message because after the error is displayed a new CAPTCHA image is also displayed and there is no way that the previous characters now match the new CAPTCHA.)

dmaynes wrote:If you enter a good Membership Record number, but a bad confirmation date, you will see the following error:
Quote:
Error: The supplied Membership Record Number and Confirmation Date are not valid.
Having seen a lot of members struggle with sign-on and registration processes lately, may I offer the following feedback? The error for situation #2 would be easier for the members to understand and deal with if it was something like this:

Quote:
Error: The supplied Membership Record Number (MRN) is valid, but the supplied Confirmation Date is not correct. Have you entered your MRN correctly? If so, please check your Confirmation Date.

I think that the reason it doesn't say something like that is for security reasons. We would like to think that nobody would be malicious with LDS Account, however, we have to be careful. If someone were to dishonestly obtain a membership number from any of the sources they could be obtained from, and then determine that the membership number was VALID... a little research (or their memory) could bring up the coordinating confirmation date.

Perhaps the message should read, if EITHER the Membership Number or Confirmation Date are wrong, "The supplied Membership Record Number and/or Confirmation Date are not valid." (The change is adding the "or". It doesn't say which one is wrong, but I assume that people would double check both entries against their records, only taking an extra minute, at most).

I think you're right though, when I see that the Membership Number and Confirmation Date are invalid, I think that both are invalid, although that could easily be a security feature against malicious people...

AileneRHerrick wrote:I think that the reason it doesn't say something like that is for security reasons. We would like to think that nobody would be malicious with LDS Account, however, we have to be careful. If someone were to dishonestly obtain a membership number from any of the sources they could be obtained from, and then determine that the membership number was VALID... a little research (or their memory) could bring up the coordinating confirmation date.

If that's the reason then only one error message should be provided. As it is, if the second error message is displayed, then the person entering the information knows that the MRN is valid. In that case, my proposed error message provides no additional information that is not already available.

So, if the developers are concerned about security, then only one error message should be displayed:

Error: Either the Membership Record Number or the Confirmation Date (or both) that you entered are incorrect. Please check your records and make sure that both of these have been entered correctly.

As soon as two different error messages are presented, the attacker has gained some information.

Thanks,
Dennis