Keys, key delivery and key retrieval

[Jere_Jones]

I would like to make a page on dragonglobal.biz that you can go to and retrieve your key if you have lost it or if it hasn't shown up in email. In theory, your key would appear in the browser so there won't be any problems with email. Of course emails would also be sent. This is just for retrieval.

I would like some feedback on how to do this. I don't want to have 'another' name and password for people to remember. I also don't want Joe Blow to be able to make a couple guesses and get a key to show up.

My initial thought was to have you enter your name and email address. If they matched then you would get your key displayed. This doesn't seem real secure. Maybe with a limit on the amount of tries or a timeout it may be more secure. I don't store the transaction id of your purchase so I can't use it.

A similar page will exist to get keys for SAV1 when I start issuing keys for it. For that I figure I could get you to enter the old key but that doesn't help in the case that you don't HAVE the old key (delete the email, formated the drive, or whatever).

Any ideas?

Jere

[sleonard]

I don't know how secure this forum SW is but if you could link key purchases to my forum login so that it is listed in my forum profile that would be awesome.

S

Glad to see you back and that you weren't hit by a bus or other such disaster.

[Razillian]

I just ran through the purchase pages and it looks like every page asks for postal/zip code and phone number. If you captured one of those as part of the purchase process (I know paypal will feed it back to you, not sure on the others) you could use it in combination with name and email address for authorization for key retrieval.

I know not every country uses a postal code, so you could do an either-or on the retrieval form. Either enter postal code or enter phone number.

[Serra]

Quote:

Originally Posted by Jere_Jones

I would like to make a page on dragonglobal.biz that you can go to and retrieve your key if you have lost it or if it hasn't shown up in email. In theory, your key would appear in the browser so there won't be any problems with email. Of course emails would also be sent. This is just for retrieval.

I don't see why you would need a name and password. The system wouldn't need to be protected. Just simply ask, what email did you register with, then send the key to that email. Put a CAPTCHA on it so it doesn't get abused and you are done.

If you aren't a PHP guy, I could set something up for you that runs off mySQL.

[Razillian]

I think a good chunk of the key emails that were sent out in the past wound up in never-never spam filter land. I think the idea is to have a way to retrieve a key without running the risk of the user not getting their email (and thus getting frustrated beyond belief because "Jere never sent me my key").

[Serra]

Quote:

Originally Posted by Razillian

I think a good chunk of the key emails that were sent out in the past wound up in never-never spam filter land. I think the idea is to have a way to retrieve a key without running the risk of the user not getting their email (and thus getting frustrated beyond belief because "Jere never sent me my key").

Yes, that is why this system works so much better. It tells the person who requested the key that it was sent. When it doesn't arrive, they know something is wrong and can look in their spam bin. Under the current system, there is no feedback, so the person is left hanging wondering if it was sent.

The system could also warn users of system systems that block emails that the emails to that host may be blocked.