Announcement

Collapse
No announcement yet.

Customer has two accounts with same Password Recovery Email - how?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Customer has two accounts with same Password Recovery Email - how?

    So I had a complaint about the 'Password Reset' not working.

    The customer said that they had to create a whole new account.

    When I searched for the customer, I see they have 2 accounts, with the exact same 'Password Recovery' Email.

    I cannot create an account with a duplicate recovery Email, and I can't change the recovery Email in an existing account to match another pre-existing recovery Email. (At least from the front-end)

    So I have no idea how this happened, and it seems like it's never supposed to happen. It's extremely unlikely that anyone internally used the back-end to make this change, and it happened in the middle of the night, so it's even less likely that anyone could've known about the issue.

    Any ideas about what's going on, or how this could've happened?

    Using 9.0003

    #2
    Re: Customer has two accounts with same Password Recovery Email - how?

    Perhaps there's a trailing unprintable character in the email address, like a space, etc?
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Re: Customer has two accounts with same Password Recovery Email - how?

      Originally posted by ILoveHostasaurus View Post
      Perhaps there's a trailing unprintable character in the email address, like a space, etc?
      So the trailing character does allow for a duplicate address to be used, but the trailing character isn't shown in the database. And after looking at a sql table dump, this isn't the first time it's happened. However, it generates two password recovery Emails. So it seems like things are still working, and the customer should've had no problem with the reset.

      Back to suspecting user error.

      Thanks.
      Last edited by Jesse; 07-31-15, 07:27 AM.

      Comment


        #4
        Re: Customer has two accounts with same Password Recovery Email - how?

        Is it possible the accounts you see with the same password recovery email were created before the PR7/PR8 updates? That would explain quite simply why they are there. It can't really happen since that update (unless something like David's example above). My guess is the new account your customer created used an entirely new email (meaning they now have three different accounts).

        We get complaints about the password recovery not working all the time - 99.9% of the time its customers using the wrong email address (user error). In other words if my password recovery email is [email protected] but I use [email protected] to try and recovery my password I will get a "success" message on the website but obviously won't get an email sent to [email protected] because no account exists with that password recovery email. I understand the confusion given the message the customer receives on the website because its always a success message due to PCI compliance and the customer just assumes the email they are entering in the form is actually their password recovery email when the chances are pretty good that it actually isn't if they use multiple email addresses on the internet.

        Comment


          #5
          Re: Customer has two accounts with same Password Recovery Email - how?

          We do have a duplicate customer module in app store to clean this up and it's free.
          Thanks,

          Rick Wilson
          CEO
          Miva, Inc.
          [email protected]
          https://www.miva.com

          Comment


            #6
            Re: Customer has two accounts with same Password Recovery Email - how?

            Rick, would it be in compliance to add "If you don't receive an email, please contact us? Or even, "We may, or may not, have sent you a recovery email. We can't tell you cause a bunch of loons run the PCI Compliance organization and they make up stuff like this."
            Bruce Golub
            Phosphor Media - "Your Success is our Business"

            Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
            phosphormedia.com

            Comment


              #7
              Re: Customer has two accounts with same Password Recovery Email - how?

              I don't think snark is (yet) a violation of PCI

              I would say this though, as best practice I would limit what I'd say to something like:

              "Check your spam folders, if you haven't received in X minutes call (XXX) XXX-XXXX for assistance" kind of thing.
              Thanks,

              Rick Wilson
              CEO
              Miva, Inc.
              [email protected]
              https://www.miva.com

              Comment


                #8
                Re: Customer has two accounts with same Password Recovery Email - how?

                Depends on the site...(the snark does). For example, that is probably what I'll be doing on my new business venture called "ampersand & and"

                (ok, ok, i'm going back to actual work now)
                Last edited by Bruce - PhosphorMedia; 07-31-15, 03:09 PM.
                Bruce Golub
                Phosphor Media - "Your Success is our Business"

                Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                phosphormedia.com

                Comment


                  #9
                  Re: Customer has two accounts with same Password Recovery Email - how?

                  I ran into a duplicate email situation just last week.

                  Is it possible that this could be caused by a bulk import of customer accounts from a "flat" file or provisioning XML? Does MM check for duplicates when importiing?

                  Thanks --
                  Kent Multer
                  Magic Metal Productions
                  http://TheMagicM.com
                  * Web developer/designer
                  * E-commerce and Miva
                  * Author, The Official Miva Web Scripting Book -- available on-line:
                  http://www.amazon.com/exec/obidos/IS...icmetalproducA

                  Comment


                    #10
                    Re: Customer has two accounts with same Password Recovery Email - how?

                    Yes Miva does check for duplicates when importing.

                    Prior to PR8 Update 7, the customer login was the unique identifier on a customers account. This means that if a customer forgot their login, they would just create another account with a different login but the same forgot password email. This is most likely what is causing your duplicate accounts with the same forgot password email.

                    In PR8 Update 7, we introduced the ability to allow customers to login with their email address as the login field. This uses the forgot password field as the email address so if you are using that functionality, then the forgot password field will be validated to be unique moving forward.

                    There is a free module that will find these duplicate accounts and merge them so each customer has at most one account:

                    http://apps.miva.com/product/MIVA-CO...CUSTOMERS.html
                    Brennan Heyde
                    VP Product
                    Miva, Inc.
                    [email protected]
                    https://www.miva.com

                    Comment

                    Working...
                    X