Since persona is shutting down, we have to migrate everyone to an email/passphrase authentication system.
I did some analysis of the user table to see what that would require. I found a few different categories of user, which may need different treatments. I broke it down into six different groups. ## ## THE GROUPS ## # # Group 1: Verified email and modern hash # (Count: 218) "Modern hash" means a stored passphrase we can use in the new system. See footnote for more detail. # # Group 2: Unverified email and modern hash # (Count: 146) Four of them have ident=email, which might mean they joined with Persona, and created a password later. (?) # # Group 3: Verified email, but no modern hash # (Count: 425) 420 of these are people with no hash at all. They must have signed up with Persona. The remaining five have an old-style salt/hash combo. They're basically in the same bucket as people with no hash at all. # # Group 4: Unverified email, no modern hash, and ident!=email # (Count: 4) Three of these are probably people who signed up with Persona, but then changed their email and didn't verify it. One is just somebody with an old-style salt/hash combo. # # Group 5: Unverified email, no modern hash, ident=email # (Count: 11) All of these people must have signed up with Persona and can be automatically verified. Then they will become members of group 3. # # Group 6: No email # (Count: 254) These poor folks need to add and verify an email address to be part of the system. ## ## ANALYSIS ## I think the first thing to remember is that almost all of these users are diehard fans of the project. I won't feel bad about accidentally sending one extra email to them, and I don't feel especially worried about accidentally verifying a spammer or identity theft victim. So. The biggest group is #3 (verified but no passphrase), with almost half our users. I suggest we send a one-time email to them after we go live with master, telling them to use ForgotPassphrase to initialize a passphrase. The next biggest group is #6 (no email). That's bad. Things aren't hopeless, though. Half of them have an email address as an identifier! We can perhaps send them an email as well, telling them that now would be a good time to formally add an email address to their account. We can also just read through the list to see if we recognize any names. Next up is group #1 (verified and modern). Great. No action required. Group #2 is a tricky one (unverified but modern). We *could* just assume they're all good caring folks, and automatically verify their emails. I suggest instead that we send an email now asking them to verify their email using the existing system, so that they can become members of group #1. The rest would be out of luck. I can make everyone in group #5 (unverified, ident=email, no hash) become a member of group #3 by automatically verifying their email. This is safe to do since they *must* have signed up with Persona. For group #4 (unverified, ident!=email, no hash), I think we should reach out to them individually. There's just four of them. ## ## PROPOSED ACTION ## There's a really really easy solution to this migration question: blow away the entire user table and start over from scratch. Everyone creates a new account. (Plan HECK) There's also the super fine-grained deeply-considered maximally optimal solution, which I've basically laid out above. It would take at least a week to do it right (waiting around for users to act after we've sent them emails). (Plan ZOWIE) What we *could* do is just import the easy cases (group #1), and send a one-time email to everybody else, encouraging them to create a new account. (Plan WOW) For now, my proposal is to do the fine-grained actions (Plan ZOWIE), which would look like: 1. Automatically verify group #5 2. Send an email to group #2, encouraging them to verify their email 3. Send an email to group #6 (those we can reach, anyway) 4. Reach out to group #4 5. Wait a week 6. Import group #1 directly 7. Import group #3 directly 8. Go live with master 9. Send an email to group #3, telling them to use ForgotPassword Please vote for — or describe — your favorite plan. :) Happy Friday, -Bryan : First of all, there are 1070 total rows in "user". There are 27 emails that show up more than once — probably people who forgot and signed up again. Of those 27 dupes, there are twelve where one row is email-verified, and the other is not. In the groups, I made sure to not to double count any of the dupes. There end up being 1058 total emails that are considered. : What I mean by "modern hash" is a passphrase that uses the secure PBKFD1 algorithm we use now. Old versions of Yesod.Auth didn't use it. We must have had some accounts created way back in the day that used the old bad method. Yesod.Auth "helpfully" still supported the old, insecure passwords, so they never got changed. That ends now. :) : We did have a few spam accounts created, but they're all in group 6 and I'm not worried about them.
Description: Digital signature
_______________________________________________ Discuss mailing list Discuss@lists.snowdrift.coop https://lists.snowdrift.coop/mailman/listinfo/discuss