Stupid Email Changing "security" system.
Sun May 15, 2005 5:33 am
Changing your Email address is a 2 step process.
* Enter the Email you wish to associate your account with into the 'Change Email' fields below and hit 'Submit Change'.
* An Email will be sent to the new Email address to make sure that it is a working Email address. That Email will contain a link. Once that link is clicked on, the change to your Email takes place.
These steps help keep Email Neopets from being labelled as spam and ensure that our Emails to you get through. Thanks for understanding!
Once you submit your change, you won't be able to request another change for 24 hours or until you confirm the current change.
So basically, if you get scammed and the scammer changes your email, you can no longer change your email and password to keep them out of your account. You can change your word but they can simply request it again, you can't change your email so you have to self-ice...with their email as your account's email.
Since you require the email to be active in order to receive the reply from Neo, if you self-ice, the scammer can get back into your account the moment it's reactivated
Sun May 15, 2005 5:36 am
Uhh...you need to confirm the change from your email, too. So unless the scammer can get into your email too ( 
), I don't see this as a problem, rather as a better preventitive measure 
), I don't see this as a problem, rather as a better preventitive measure
Sun May 15, 2005 5:57 am
hmm...u mean to say that if the hacker got into your neopets account...the hacker can enter his email into the 'change email' field and activate the change of email from his email account since the confirmation mail is sent to the email account that is entered?
Sun May 15, 2005 6:24 am
`brok3n. wrote:hmm...u mean to say that if the hacker got into your neopets account...the hacker can enter his email into the 'change email' field and activate the change of email from his email account since the confirmation mail is sent to the email account that is entered?
-ahem- pardon my mistake. yes, you're right, once someone is in your account, they can change their email to theirs because the confirmation is sent to the NEW email.
I think it would work better if they sent the confirmation to the OLD email.
Sun May 15, 2005 6:26 am
lothwe wrote:`brok3n. wrote:hmm...u mean to say that if the hacker got into your neopets account...the hacker can enter his email into the 'change email' field and activate the change of email from his email account since the confirmation mail is sent to the email account that is entered?
-ahem- pardon my mistake. yes, you're right, once someone is in your account, they can change their email to theirs because the confirmation is sent to the NEW email.
I think it would work better if they sent the confirmation to the OLD email.
Yup, that's what i think so too...but if the person forgot the email to the old email...that poses a problem...
Sun May 15, 2005 6:41 am
I had to change my email once because my neo email (hotmail) ceased to exist.
However, this 'security' feature wouldn't help in the slightest. I can't believe nobody else noticed it before. Good job tdg
However, this 'security' feature wouldn't help in the slightest. I can't believe nobody else noticed it before. Good job tdg
Sun May 15, 2005 11:29 pm
Yeah, this is kind of backwards.
Not a good idea, IMO. I would think that the better way to do it would be to send a confirmation to the OLD email address saying, "Your neopets email is being changed. Click below if you do NOT want to change email addresses."
Not a good idea, IMO. I would think that the better way to do it would be to send a confirmation to the OLD email address saying, "Your neopets email is being changed. Click below if you do NOT want to change email addresses."
Sun May 15, 2005 11:50 pm
I am glad its the way that it is. I created a new account yesterday but there
was a problem with the email address I used and Neo couldn't send me the
activation code for the account. I had to change the email address so
they could send it to the new email address and I could activate my
account. If they had sent the confirmation link about "Your neopets email
is being changed" to the old address I never would have got it because
that one isn't working.
My pet would have remained unborn and would never have been able to
use the trading post or auctions or earn more than 100K on that account.
(Not that plan on using it to make np's but still.)
was a problem with the email address I used and Neo couldn't send me the
activation code for the account. I had to change the email address so
they could send it to the new email address and I could activate my
account. If they had sent the confirmation link about "Your neopets email
is being changed" to the old address I never would have got it because
that one isn't working.
My pet would have remained unborn and would never have been able to
use the trading post or auctions or earn more than 100K on that account.
(Not that plan on using it to make np's but still.)
Mon May 16, 2005 3:44 am
calvinorion wrote:I am glad its the way that it is. I created a new account yesterday but there
was a problem with the email address I used and Neo couldn't send me the
activation code for the account. I had to change the email address so
they could send it to the new email address and I could activate my
account. If they had sent the confirmation link about "Your neopets email
is being changed" to the old address I never would have got it because
that one isn't working.
My pet would have remained unborn and would never have been able to
use the trading post or auctions or earn more than 100K on that account.
(Not that plan on using it to make np's but still.)
I didn't say that you'd have to click the link to agree to let the email address be changed - I said you'd have to click the link to KEEP it from being changed. If you don't click the link, it will be changed.
Mon May 16, 2005 4:42 am
None if which helps if the person had gained access to your e-mail 
Mon May 16, 2005 6:55 am
stampsyne wrote:None if which helps if the person had gained access to your e-mail
yar...that's very true...just have to be a bit more careful...
by the way, what's IMO?
Mon May 16, 2005 7:08 am
Yeah, that is kinda stupid. I expect they'll find SOME way to deal with it.
In My Opinion.by the way, what's IMO?
Mon May 16, 2005 8:13 am
they should just make it so it sends to both email accounts and both have to varify, so they know that its YOU and that its a working account. if your current email address doesnt work, then oh well, your fault 
Mon May 16, 2005 5:43 pm
Fool, I was just thinking the same thing - send some sort of confirmation to both the old and the new emails. It's still not perfect, especially if the old either doesn't work or someone has gotten into it.
I don't think there's really a good answer to this one. For all it's imperfections, and I know it wasn't perfect, I really wish they'd bring that security code back on the login page. The reason for having that was there are programs (bots?) that will sit and randomly try to "guess" a user password.
Now why bother doing that on a game site? Well, practice, making sure their program works, jealousy, spite, a way to cause panic/misery or just because they can. I know those programs exist, someone tried using one on me - not on Neopets, but on my online auction payment site. I was beyond
when I got an official email from that site, I can tell you that. Apparently they'd been trying for a couple of days to get into my account.
I don't think there's really a good answer to this one. For all it's imperfections, and I know it wasn't perfect, I really wish they'd bring that security code back on the login page. The reason for having that was there are programs (bots?) that will sit and randomly try to "guess" a user password.
Now why bother doing that on a game site? Well, practice, making sure their program works, jealousy, spite, a way to cause panic/misery or just because they can. I know those programs exist, someone tried using one on me - not on Neopets, but on my online auction payment site. I was beyond
when I got an official email from that site, I can tell you that. Apparently they'd been trying for a couple of days to get into my account.
Mon May 16, 2005 6:20 pm
I like another site I use (tis a online shop). If you post comments or what not on a review then your display name is shown but that isn't the name you sign in with.
You sign in with
log-in name
log- in password
but no one EVER sees the log in name anywhere as you choose a seperate display name (that no one else can have, same with log-in name).
This way it is impossible for someone to crack your account, they don't know which account is yours, they'd have to guess combinations of log-in name and log-in password. So it wouldn't matter where they sent your e-mail as no one would be trying to get into your account anyway as they don't know which account is yours or if a name even exists.
It's un-crackable
You sign in with
log-in name
log- in password
but no one EVER sees the log in name anywhere as you choose a seperate display name (that no one else can have, same with log-in name).
This way it is impossible for someone to crack your account, they don't know which account is yours, they'd have to guess combinations of log-in name and log-in password. So it wouldn't matter where they sent your e-mail as no one would be trying to get into your account anyway as they don't know which account is yours or if a name even exists.
It's un-crackable