415
submitted 6 months ago* (last edited 6 months ago) by cosmicrookie@lemmy.world to c/mildlyinfuriating@lemmy.world

I would have expected them to ask me to message them, in order to resolve the issue of not having access to my old email. Instead, they assume that I still have access to it, by simply contacting my email provider!

If I could do that, I wouldn't have lost access to it through would I?

top 36 comments
sorted by: hot top controversial new old
[-] NuXCOM_90Percent@lemmy.zip 114 points 6 months ago

I mean... It would be nice if they put a nicer message there. But I mostly agree with that.

Look up how people social engineer their way into apple accounts and so forth. The more you put the burden on a (perpetually) underpaid CSR the easier it is to steal an account, Spin a sob story and then harass the CSR until they just reset your password so you will go away. Except there is no guarantee that is YOUR password and now we have yet another stolen account.

[-] bogosort@discuss.tchncs.de 28 points 6 months ago

Also works on EA accounts. Got mine stolen through Customer Service a few months ago. But when I contact them through the email the account was set up with they don't reinstate me.

Wish there was a solution to these problems that deals with both issues.

[-] NuXCOM_90Percent@lemmy.zip 34 points 6 months ago* (last edited 6 months ago)

There is.

2FA. No, not the fucking "we'll send you an SMS" bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)

Someone can steal your password and even your email account (unless you TOTP that too...). They still can't get into your account unless you are an idiot who gets tricked into providing the 2FA key.

In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.


The recent push for passkeys (?) is a nice-ish middle ground. People don't need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

[-] FlihpFlorp@lemm.ee 6 points 6 months ago

not an SMS

OMFG YEEEEEEESSSSS I HATE THOSE I’m not even super duper security focused I just love the idea of even a bot farm has to guess a code within a 30 second window

Meanwhile sms codes usually expire between a ten minutes and an hour, usually a half hour, but thats if at all

As much as I hate them they’re better than nothing :/

[-] lud@lemm.ee 3 points 6 months ago

I doubt bruteforce has been used in one of these attacks. The service should detect a bot entering many combinations per second.

The main problem with SMS is that someone could social engineer the mobile operator support to give them a new SIM.

Probably not something you should worry too much about unless you are in any way a target, but still.

[-] FlihpFlorp@lemm.ee 1 points 6 months ago

I also said way less than what I was thinking but you pretty much summarized the other half of what I was thinking with people being able to get the authenticator which is in this case the message

I also just plain don’t like them

Idk why beyond the reasons I said

[-] victorz@lemmy.world 2 points 6 months ago

Quick question, how do you back up a 2FA "code" to Bitwarden? Sounds like a wise thing to do for my current 2FA accounts.

[-] NuXCOM_90Percent@lemmy.zip 2 points 6 months ago

Really depends on your current tool so RTFM on that.

But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like "Having trouble?" or "Show TOTP Key" or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.

Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?

[-] victorz@lemmy.world 1 points 1 week ago

Half a year later, I'm replying... Sorry!

Thank you very much for this tip! I really appreciate it! 🙏🎖️

[-] SnipingNinja@slrpnk.net 2 points 6 months ago

That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

Would that work with my pin which is the equivalent of 40483770487025502574448? Or is a password better?

I think a pin like that is harder to remember for people, and even to get it using fingerprints is difficult because you cover a lot of the numbers giving false information

[-] ArmokGoB@lemmy.dbzer0.com 0 points 6 months ago

It's just passing the buck for their service. They should be solely responsible for lockouts on their service.

[-] insufferableninja@lemdro.id 3 points 6 months ago

you seem to be misreading the message. if you no longer have access to your email account that is linked to discord, what the hell can discord do about it? nothing. so you have to contact the email provider's customer service to get access to your email account.

this is not just reasonable, it's the only way it could work. or do you think Google customer service will help you reset your lemmy password?

[-] victorz@lemmy.world 1 points 1 week ago

The way you wrote this is so logical and in such plain text that I just started giggling. 😂 Very well put. I hope the one you replied to understood after this lol, otherwise... 🤷‍♂️🍍

[-] The_Picard_Maneuver@lemmy.world 44 points 6 months ago

Discord support is the absolute worst. I hope to never have to deal with them again.

[-] Zikeji@programming.dev 14 points 6 months ago

I've only had to contact them for trust and safety reports and they've been pretty responsive, despite usually not telling you the outcome (the outcome is pretty easy to find out anyway). I'm glad I haven't had to contact them for other stuff though, since I've heard it's a nightmare.

[-] The_Picard_Maneuver@lemmy.world 9 points 6 months ago* (last edited 6 months ago)

I had to deal with their T&S for my account being locked once. It was indeed a nightmare.

I consider myself pretty reserved and knew that I had never said or shared anything even remotely problematic, so I appealed, and they denied the request without even looking at it, then refused to respond to further questions (or even tell me what I supposedly did). It took me publicly complaining about the whole ordeal on social media for about a week for someone at discord to notice, look at my case, and finally realize a mistake had been made and unlock my account. They still never explained what happened.

[-] Fredy@lemmy.world 5 points 6 months ago

A friend was locked out of her account too, due to it falsely being flagged as underage/below the allowed age.

This can happen extremely easy, as sometimes it's enough for someone to report a public message of you saying a number, like "12" for example in any given context and your account could get disabled, even if it wasn't referring to age in particular.

She had to contact them to prove that she indeed was an adult and show her ID, she did multiple times and waited weeks, with no response. Only after she sent a message in which she also explained how you have to read the date of birth on our country's specific ID card was her account unlocked, again without any message back from then, just unlocked the account. Nice communication on their part.

[-] ArmokGoB@lemmy.dbzer0.com 5 points 6 months ago

I tried to report a pedo to them once and they simply could not have given less of a shit.

[-] Zelaf@sopuli.xyz 30 points 6 months ago

This is news to me, just checked my account and the email is of a domain I no longer intend to renew so I guess I'm screwed then lol

[-] cosmicrookie@lemmy.world 31 points 6 months ago

No! Youre not! Just make sure you change your email in discord accounts settings before your domain runs out.

They send an email to your current account to check that its you. Then you can change it to a new email

[-] Zelaf@sopuli.xyz 17 points 6 months ago

Sadly it expired about a week ago already so it's a no go :c

[-] cosmicrookie@lemmy.world 4 points 6 months ago* (last edited 6 months ago)

Wow. What bad luck!

Maybe you can export your discord friend and server list and import it to a new accont?

[-] RaccoonBall@lemm.ee 2 points 6 months ago

A week is recent enough to renew usually if you care

[-] Sonotsugipaa@lemmy.dbzer0.com 17 points 6 months ago

Lost access to your email? Nuh uh.

[-] cosmicrookie@lemmy.world 4 points 6 months ago

Actually no. Im fine. Its just the approach to this that is bad. At least they could try. For example by charging a tiny fee and comparing credit card nubers or names on credit cards.

[-] Tetsuo@jlai.lu 17 points 6 months ago

If there is one thing I secure as much as possible it's my main email address.

If you think about it that's the most important account of all.

If you lose it, every account using this mail as recovery is also pwned.

I understand this is frustrating but I agree with others that there is not much else discord could do.

[-] Lost_My_Mind@lemmy.world 9 points 6 months ago

My main email said they suspected unusual activity from me. So I need to go to my backup email, and get a code. Simple enough. So I go to my backup email which I never use. I log in, and they say "Looks like it's been a while, we're going to send an email to the backup of this account. Well the backup of the backup is the main account. So now I know the passwords for both accounts. But I can't get into either because both are pointing at the other, so I can't get into either.

I legit want an actual hacker to hack my backup and let me in, just so I can get into my main. I've had the account since 1997

[-] RaccoonBall@lemm.ee 1 points 6 months ago

This type of thing is why I, against all internet advice, host my own email. It's a pain but it's nice being in control.

[-] sgibson5150@slrpnk.net 15 points 6 months ago

I get the sense that a lot of commenters here never had an openmailbox dot org experience.

[-] cosmicrookie@lemmy.world 7 points 6 months ago

Yeah.. I feel old just because I have an email with a custom domain!

[-] bobs_monkey@lemm.ee 1 points 6 months ago

Is that an old person thing? I have one custom domain exclusively for my work email, and while I was at it I made one for my personal just because I could.

[-] TrickDacy@lemmy.world 12 points 6 months ago

Do you really expect them to allow you to circumvent the only easy way we have to verify ownership of an account?

[-] stevedidwhat_infosec@infosec.pub 9 points 6 months ago* (last edited 6 months ago)

Discord: our platform is being abused to peddle malware via c2 channels, file repositories, etc. So to combat this problem, we’re going to ruin the customer experience!

[-] dan@upvote.au 8 points 6 months ago

"please contact your email provider"

Good luck - a lot of Discord users use freemail accounts (Yahoo, Gmail, Hotmail, etc) where it's practically impossible to contact the provider or recover a lost account.

[-] Mwa@thelemmy.club 1 points 6 months ago

I hate how discord forces you to put a phone number on a new account

[-] iridium@piefed.social -3 points 6 months ago

I recently had this exact same issue with Discord, I absolutely fucking despise this platform and won't ever use this proprietary, privacy-invasive pile of shit again.

this post was submitted on 03 Jun 2024
415 points (96.0% liked)

Mildly Infuriating

35767 readers
271 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 2 years ago
MODERATORS