Flickr/Yahoo People, Be Warned! I’m About To Use Crossbow to Shoot Somebody in The Knee

Alrighty, this post probably has zero value when it comes to doing any game development (well, I suppose some browser MMOs could find this useful on how not to handle a forgot password system), but it could be relatively useful for some folks.

I had created a Flickr account and for some unknown reason I hadn’t typed the username and password for the account. Well, certainly I would be able to get my password back – all these systems offer the “forgot password” option, right?

Well, here’s what happened
I tried logging in to Flickr and realized that I didn’t remember the account info. I knew that the username was probably “gameproducer” (since I could access my gameproducer page) and tried using the “forgot password” option.

  • I clicked it, typed my username and wrote the spam prevention security code and clicked next.
  • I expected to get the password sent to the email address that’s tied to my username, but heck I was wrong.
  • I saw this screen: “please provide your alternative email”
  • I was like: “O_o”

I mean, how hard can it be to (1) “let people tell their username OR email” and (2) send their password.

Okay, I bravely continued:

  • I chose “I can’t access any of the above” and clicked next
  • I was asked “Where did you [security question]?”
  • I typed several answers trying to figure out the letters but no luck.
  • I tried clicking yahoo id forgot password but there I couldn’t remember the yahoo id. I tried using the system again guessing my alternative email but no luck.
  • I started thinking: maybe I should just register a new account. That might be tons faster.
  • I thought I’d contact Flickr support and see what happens.

Here’s the Flickr support email discussion in a nutshell:

  • Juuso: “I don’t remember my email, here’s my account info URL & username”
  • Flickr support person #1: “please tell Date of birth and Postal Code & Country”
  • Juuso: “here you go… [birthday + postal code]”

At this point, somebody else contacted me:

  • Flickr support person #2: “Where did you [security question 1]” and “Where did you [security question 2]?”
  • Juuso: “uh… probably these: [my answers]”

Now, at this point I got a third person to reply to me (isn’t that sweet):

  • Flickr support person #3: “To log in, you need yahoo username [which is *this*]. If you are having trouble logging in, you can use the ‘Forgot your ID or password’ link, on the sign in page”.
  • At that point I was like: “O_o”

Now I was thinking of using crossbow to shoot somebody in the knee, and seriously thought that “I should have just created a new account right in the first place”, but then I thought that writing a blog post about shooting somebody in the knee would be less illegal.

So, I decided to take the last final attempt and see if I could get my password. I went to that page mentioned… and the following took place. First I saw the “forgot password” link:

  • I clicked it, typed my username and wrote the security code and clicked next.
  • I was slightly expecting to perhaps get the password sent to the email address that’s tied to my username, but heck I was wrong.
  • I saw this screen: “please provide your alternative email”
  • I was like: “O_o”

Talk about deja vu. I realized I was right in the place where I started.

I’d have a totally 100% free tip for Yahoo / Flickr
I mean seriously. Their forgot password system uses something like this:

  • Ask people to type their username and security code
  • If they succeed, ask them for alternative email
  • When they fail, ask them to provide birthday and shit
  • When they succeed, raise the challenge, and ask some mysterious questions that will be certain to go wrong.
  • Have evil laughter after checking the stats of “another poor bastard who cannot login”

What if they would have it like this:

  • Ask people to type their username (or email – either one would be accepted) and a spam prevention security code
  • Send the password to the email that’s tied to the username

Bonus tip:
Oh, and you are wrong when you say to me: “Looks like you had trouble reading the security code (9100)”. To me it looks like you guys are having trouble giving readable security codes. What if you’d think about it that way? 9101.

Or what if I just type down my login info and shut up.

Oh, and since shooting crossbow arrows to the knee is illegal in some countries, I just might use a large trout slap instead.