On the classmates that we get their information over the phone and enter the information into their detail and profile section, how do we create a password and send it to them? Do they have to get on there themselves and create a password?

Judith,

If they have Internet access, it is best that they go through the set-up wizard for themselves. The wizard will let them set up their birthday, address, phone number, and set up a password. They can also fill in their profile information at that time and upload any photos.

Tell them to click on the JOIN HERE link after clicking on their name on the Classmate Profiles page.

If they don't have Internet Access, they wouldn't need a password anyway because they will never log in to the system.

What seems to help my classmate is that I go into their profile and insert a password such as "mouse" and have the classmate go to the website by using the password I made and have them change their password once in. It seems to work for us.

thanks, that is what I was looking for.

Julie Passanisi wrote:

Though I agree with Kyle that a classmate should do it themselves. However, we have a few who need someone to help them. In those cases, it has been easier to do it for them. Make sure you tell them to go to the site ASAP and change that password.

I appreciate both Kyle and your response. I was already doing what Kyle suggested but I needed to hear other options for those that just needed a little extra help, the ones that are computer challanged. It gave me opetions. Thanks

I have entered the data for a few of our classmates as well, as each of them did not have computer access, but a child of theirs ws given the password to their account so messages from other classmates could be verbally passed on to them.

Hi All!

Has this system changed recently? I was trying to create a new password for a schoolmate and couldn't find the password space to change it on their profile.

The problem is that the email address they chose to use as their primary address is now inactive and I've input their new (active) one for them.

In this case, if they click on "Forgot Password?", would that information just go to the new primary email address?

Thank you in advance for any advice!

Smiles from Japan,
Roberta

Roberta,
I have a 'bogus' guest on my site that I created for testing purposes.
I just now went in and changed the email address and the password, logged off, the logged in as the 'bogus' guest with no problem.
Have you tried re-entering their email address and password again?
I will bet that within a few hours, Kyle will have the solution for you!

Not knowing which classmate and what e-mail they want, it is hard to know. You could use the www.classcreator.com CONTACT US form to send the information if you want privacy (the forums are PUBLIC)

Maybe you could add the new e-mail as the Secondary E-mail address. That way, it will go to both e-mail addresses when they say FORGOT PASSWORD

Hello,
Above, Roberta said this "Has this system changed recently? I was trying to create a new password for a schoolmate and couldn't find the password space to change it on their profile."
I do find myself sometimes going into manage classmates, go into their profile and either change their e-mail and/or put in a temp password,(providing they already have an account and password) then send them the temp password through their e-mail. I go to both manage classmates and Classmate profiles", but can not see their password, only their e-mail address. Am I missing something?
BUT.. In the case of someone whose name is already listed, but hasn't created his/her account, would this be the reason why I don't see the password space?
Well......Another classmate is having a very hard time creating an account. His name is under the classmate profiles already, but he hasn't created an account yet. I sent him the website address, and then told him to click on the "JOIN HERE", under "MEMBER'S LOG-IN" window. He says he gets prompted to insert a password. ???
What is the best way to have these classmates join? By going to "HOME PAGE", then "JOIN HERE"? Will he see his name there to click on? I know this is a loaded series of questions, for that I must apologize, but he and I have been playing e-mail tag for a few days now, and I need to get him on the site. Thank you!

The link on the home page says:

Not a member?
JOIN HERE
Find and click YOUR name.

We're not sure how to make the instructions any simpler. If you have any suggestions toward that end, please let us know. I suppose telling people that they should actually read the five-word instructions may be placing too high a demand on people if they're in a hurry.

If he is having problems following instructions, you could go to your Classmate Profiles page, click on his name, then copy the URL in the Browser's Address window and send that link to him and have him click the JOIN NOW on that page. This will start the Classmate Wizard where he can sign up.

Since Classcreator doesn't know their name, we cannot automatically click on their name, but since YOU know his name, you can click it and send him the link to go directly to his profile so he can sign in.

Eric B Bassey wrote:

Not any more Someone changed the login box. Looks like it's a tad narrower attempting to fix the size issue between logged in vs not logged in maybe?

Refresh your page and you'll see.

If the Classmate Profiles page is not displayed, we don't display the "JOIN HERE" block of text. Jack's page doesn't have a Classmate Profile page (not active). James page does have the Classmate Profiles and the link is active.

Jack, if you activate your "Cougar Profiles" page, the "JOIN HERE" link will reappear. (your current "Cougar Profiles" is a gallery page and not the standard "Classmate Profiles" page)

Not a bug.

Mmm, not exactly. I do have profiles active, just not how you expect them. See Cougar Profiles link and click it. It's the regular CC profile page, trust me. You got misled by how I did it.

Some of these implied changes are really not a good design choice. It's not a problem since I also have a REGISTER button, so it's not a big deal.

I did all that so I can reorder the left links any order I want vs waiting for CC 3.0

The Cougar Profiles link mouse-over says "http://www.bothellhigh61.com/class_gallery.cfm?gallery_link_id=10650"

Go to EDIT SITE PAGES. The top one says "Cougar Profiles". It is NOT ACTIVE.

I didn't say it didn't. But if you actually did it (click the link), where did it end up?

Just read my prior explanation carefully.

Eric B Bassey wrote:

Easy, let people design their own wording or create a more visible link. That's why I made a very large REGISTER button.

Eric, I know it's "simpler" if only under the EDIT PAGES, the CLASSMATE PROFILES had been unchecked. but it was not, so being password protected, every time someone would go to the site to join,once they click on the Classmate Profiles, it obviously did not take them to the name list of classmates to click on his/her name and join the site that way. Now it's un-checked and all is good with the world.

I also, could not place a temp password and e-mail on someones profile, there was nothing there on the people who have not joined the site yet.

Thx

There is no password field for people who have not yet registered because there is no use for a password for people who have not yet registered. If you want to register someone else, log out of the site, and register as if you were that person.

And in general, you should note that Jack has the skills to build his own site and is very good at working around the limitations of our product, but unless you want to learn those skills yourself, you're probably better off not trying to replicate any of his tricks on your own site. You can easily cause any of a raft of problems with your site that you will be unable to fix without help, and Jack will not have the access to give you the help you need.

I also have noted that the space for a password has been removed for those classmates that have not registered and was a bit frustrated by it. Seems to me it used to be there??

Believe me, you may think it is intuitive to follow the few instructions to become registered, but for some, AMAZINGLY, it is not, especially for some of us senior citizens, ha. We used to be able to set up everything for them (email, password, etc.) and that really helped.

I would suggest that this capability be reactivated, if only for the "root" administrator. The more flexiblity and capability we have to add, delete, alter whatever is needed to get these people activated all the better in my mind.

Also, and this might be a pretty dumb question, is there someway for those that don't have a computer/email to login to the website on someone else's computer with a password BUT no email to view the website and send emails to other classmates?

As an aside, I just noticed that the delete key doesn't work using this editor. It works outside the editor. I can backspace to delete. I'm I doing something wrong?

Thanks so much,
Dan

Dan Harvey wrote:

Whew! I thought it was me. I've had the same problem. Each time it eventually works, but it is getting on my nerves... and believe me that isn't easy.

No issues that I can detect. Assuming neither of you has a key issue, some guesses (and that's all they are):

Editing an overly long page (more than 4 pages long or a lot of graphics). Long pages demand more from an editor to "correct" the page formatting.

Browser or background programs are interfering.

Sometimes the browser and background programs get in the act. For example, usually I can type and post on this forum with no problems. But sometimes (since I'm running different version of FF all the time), it runs like a dog. Today it's great.

If the pages are not very long, run a simple test by rebooting, do not run anything else and try the editor again. Also try a different browser.

If it's still slow and it didn't used to be, could be that you've added "invisible" programs that you don't realize are eating your processor time. I find at least 2 or 3 things on people's systems that they added and didn't realize it slowed everything down.

IOW, anything you have added that you think is cool to have and it is running all the time (has a little icon on your task bar) is affecting your system. Not all of them have icons though. I use task manager to find the processes and look for those that are not "normal" tasks.

If you are not sure if a task is normal, use google to search for the name you see and it will tell you pretty fast what is is. If a name looks like alphabet soup, you can usually bet it's a virus

Edit: And don't use indexing

Jack,
Tried your test and the delete button seems OK now.
Thanks.
Dan

Eric B Bassey wrote:

I have a suggestion, that, at least superficially, cuts against the grain of this thread. I want to suggest (OK, re-suggest) that Class Creator stop storing its users’ passwords. Your site has many inexperienced computer users, and they need to be protected from themselves as much as possible. Plus, you wouldn’t want to wind up in the Hall of Shame.

Fixing this isn’t brain surgery; it just involves choosing a password hash code library and using it properly. The fix should be far easier for you guys (because you have been storing your users’ passwords) than it is for service providers who have been storing cryptographic hashes.

There are three leading password hash algorithms: bcrypt, pbkdf2, and scrypt. They each have strengths and weaknesses, and there’s no expert consensus. Just pick one, figure out the highest iteration count that won’t overburden your servers, make the switch, and announce it so that your users can decide whether they want to choose new passwords.

—Ben F

We are in the process of changing over our legacy password system to a hashed system using methods designed to meet contemporary password security standards.

That’s great!! I trust that “contemporary standards” means “best practices” and not the generally crummy methods that, sad to say, remain in widespread use.

Now about all those backup tapes …

—Ben F

Your concern about backup tapes is unrealistic. Our backup services are provided by commercial entites whose business it is to provide these services. The physical security of our data is as good as can be reasonably expected, but cannot be perfect. If the datacenters hosting either our primary servers or our backups are breached then your data may well be compromised and there is absolutely nothing that we or anyone else can do about it, and that is a fact of life for absolutely every computer system ever created. If someone has physical access to the servers then there is nothing that can be done to secure the data they contain.

If you have issue with this reality, then I am truly sorry, because nothing you do or say to anyone will make a difference.

From a blog maintained by the authors of 1Password:

Websites have responsibilities, too

Quote:

One of my members used the "Forgot Password" feature today, and he reported back that he received a "reset password" link instead of his old password. Looks like you've made some progress on this front.

Thanks!

—Ben F

Yes, this change has been in the product for a few months.

To: Ben, Eric, and Kyle,
I'm a relative novice to creating websites. I like the idea of storing passwords in CC. I trust you guys and it helps me if I need it. Because I've never created a site before, Your holding on to passwords is great. I say this because it allows me help some of my 'old ladies' work on their website (change donation amounts, change profile, etc.). Sometimes I get phone calls saying "I'm locked out" or "How do I donate" or the most frequent one "Would you do this for me?".
Being able to get into their info through THEIR eyes helps me fix 'it' for them. Just my opinion.
Example: If Kyle coudn't get into my site 'as me', I'd be in a tither with no help, often. But, as such, I've learned an incredible amount over the past 2 years--just totally invaluable info. Thank you, Kyle.
Barbara

Kyle Erickson wrote:

That's great, Kyle! Two questions.

One, can you say something about how login information is now being stored? (I'm hoping that the answer is that CC is now using a strong password hash function like PBKDF2 or bcrypt.)

Two, I just learned of a second instance this month of someone being unable to log on to my site with a password that supposedly used to work. The second case wasn't an ordinary classmate—it was a co-admin who is quite familiar with the site.

Might this have something to do with the product change? My password is still working fine, which makes me wonder whether CC did something like automatically reseting all weak passwords (not necessarily a bad idea, but confusing unless there is clear notice).

For all I know this may be happening with fairly high frequency—I probably wouldn't have learned about it but for the fact that a classmate was unable to recover or reset his password (he didn't think to check his Spam folder for the email message from noreply@classcreator.net containing the reset instructions).

These aren't idle inquiries—I may want to include something about the change in our next class communiqué, and I'd prefer that any information we pass along be accurate!

The vast majority of login failures are due to typos when entering the email address or password, followed by memory lapses about which email address or password is the right one. Once in a while there is a failure due simply to a hiccup in transmission between your computer and the server or vice versa.

We have been hashing passwords for months now, and at the time of implementation we replaced all non-hashed passwords with hashed versions and replaced retrieval links with reset links. That should not have affected anyone's ability to log in. We do not enforce strong passwords. There are legitimate and detailed arguments for and against this, and we have chosen what is most workable for our customer base.

As for the hashing method, we have chosen a method which offers an acceptable balance of security and usability, and since it will be completely obsolete in a couple of years anyway (as is every useful data encryption method ever created, eventually), we figure obscurity is a temporarily useful component of security. If you're really worried about it, you always have the option of using a password here that you don't use anywhere else. The enigma machine in our back room won't care.

Eric B Bassey wrote:

Eric, I’m not “really worried about it” for myself. I’m worried about it for my classmates, many of whom have little or no idea of the risks of reusing passwords. When all is said and done you can’t fully protect people from themselves, but I might not have chosen Class Creator for our class website had I realized at the outset that user passwords were being stored on your servers. While I don’t appreciate the tone of your last two posts in this thread, I do thank you for the steps that you have taken to better protect my classmates and all of your other users.

Thanks also for clarifying that no user passwords were changed as a result of your back-end modifications.